#VU87656 Information disclosure in IBM Maximo Application Suite and IBM Maximo Asset Management - CVE-2023-32335

Cybersecurity Help s.r.o.

Published: 2024-03-20

Vulnerability identifier: #VU87656

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-32335

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Maximo Application Suite
Server applications / Other server solutions
IBM Maximo Asset Management
Server applications / Other server solutions

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the storage of sensitive information in URL parameters. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM Maximo Application Suite: 8.10 - 8.11.0

IBM Maximo Asset Management: before 7.6.1.3.17

External links
https://www.ibm.com/support/pages/node/7138684
https://exchange.xforce.ibmcloud.com/vulnerabilities/266875
https://www.ibm.com/support/pages/node/7138686

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in IBM Maximo Application Suite - Manage Component

Information disclosure in IBM Maximo Asset Management