SB2024042212 - Inclusion of sensitive information in log files in IBM Maximo Application Suite
Published: April 22, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-6460)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local privileged user can exploit this vulnerability to obtain the firestore key information, and use this information to launch further attacks against the affected system.
Remediation
Install update from vendor's website.