IBM Maximo Suite Vulnerability: Sensitive Information in URL Parameters
CVE-2023-32335
7.5HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 13 March 2024
Summary
The IBM Maximo Application Suite and IBM Maximo Asset Management products expose sensitive information via URL parameters. This misconfiguration allows unauthorized individuals to gain access to confidential data if they can view these URLs through server logs, referrer headers, or browser history. Such exposure could lead to significant security implications for organizations utilizing these applications, underscoring the importance of implementing robust security measures to protect sensitive information.
Affected Version(s)
Maximo Application Suite 8.10, 8.11
Maximo Asset Management 7.6.1.3
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved