IBM Maximo Application Suite - Monitor Component update for Babel-traverse



Published: 2023-12-01
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-45133
CWE-ID CWE-697
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
IBM Maximo Application Suite
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Incorrect Comparison

EUVDB-ID: #VU83234

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45133

CWE-ID: CWE-697 - Incorrect Comparison

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists in '@babel/traverse' and `babel-traverse`. A local user can execute arbitrary code during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Maximo Application Suite: 8.10.0 - 8.11.0

External links

http://www.ibm.com/support/pages/node/7087285


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###