Maximo Mobile for EAM Vulnerability Could Disclose Sensitive Information to Local Users
CVE-2023-43043

5.1MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Application Suite - Maximo Mobile For Eam
Vendor: CVE Published:; 13 March 2024

Summary

The IBM Maximo Application Suite, specifically the Maximo Mobile for EAM versions 8.10 and 8.11, has a vulnerability that allows local users to access sensitive information. This exposure can lead to significant security risks if unaddressed, as it enables unauthorized users to gain insights into confidential data, potentially impacting organizational security policies and compliance requirements. Organizations using these affected versions are advised to review their security measures and apply necessary patches to mitigate the risk.

Affected Version(s)

Maximo Application Suite - Maximo Mobile for EAM 8.10, 8.11

References

https://www.ibm.com/support/pages/node/7138286

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/266875

vdb-entry

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Sep 15, 2023