CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.
Configurations

No configuration.

History

21 Nov 2024, 08:03

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/266875 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/266875 -
References () https://www.ibm.com/support/pages/node/7138684 - () https://www.ibm.com/support/pages/node/7138684 -
References () https://www.ibm.com/support/pages/node/7138686 - () https://www.ibm.com/support/pages/node/7138686 -
Summary
  • (es) IBM Maximo Application Suite 8.10, 8.11 e IBM Maximo Asset Management 7.6.1.3 almacenan información confidencial en parámetros de URL. Esto puede dar lugar a la divulgación de información si partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado de referencia o el historial del navegador. ID de IBM X-Force: 255075.

13 Mar 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-13 10:15

Updated : 2024-11-21 08:03


NVD link : CVE-2023-32335

Mitre link : CVE-2023-32335

CVE.ORG link : CVE-2023-32335


JSON object : View

Products Affected

No product.

CWE
CWE-598

Use of GET Request Method With Sensitive Query Strings