IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6999721 | Vendor Advisory |
https://www.ibm.com/support/pages/node/6999747 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Jun 2023, 00:01
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ibm maximo Application Suite
Ibm Ibm maximo Asset Management |
|
References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 - VDB Entry, Vendor Advisory | |
References | (MISC) https://www.ibm.com/support/pages/node/6999721 - Vendor Advisory | |
References | (MISC) https://www.ibm.com/support/pages/node/6999747 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:ibm:maximo_application_suite:8.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | NVD-CWE-noinfo |
05 Jun 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-05 01:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-32334
Mitre link : CVE-2023-32334
CVE.ORG link : CVE-2023-32334
JSON object : View
Products Affected
ibm
- maximo_application_suite
- maximo_asset_management
CWE