Main Vulnerability Database Vulnerabilities #VU76735

Information disclosure in IBM Maximo Asset Management - CVE-2023-32334

Published: June 1, 2023

Vulnerability identifier: #VU76735

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-32334

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM Maximo Asset Management

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to IBM Maximo Asset Management stores sensitive information in URL parameters. A remote attacker with access to the URLs via server logs, referrer header or browser history can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/6999747

Information disclosure in IBM Maximo Asset Management - CVE-2023-32334

Description

Remediation

External links

Please verify you're human