IBM Maximo Asset Management information disclosure
CVE-2023-32334

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Maximo Asset Management
Maximo Application Suite
Vendor
CVE Published:
5 June 2023

Summary

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.

Affected Version(s)

Maximo Application Suite 8.8.0

Maximo Asset Management 7.6.1.2, 7.6.1.3

References

https://www.ibm.com/support/pages/node/6999721
vendor-advisory
https://www.ibm.com/support/pages/node/6999747
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/255074
vdb-entry

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.