Information disclosure in IBM Maximo Application Suite and IBM Maximo Asset Management

#VU87656 Information disclosure in IBM Maximo Application Suite and IBM Maximo Asset Management

Published: 2024-03-20

Vulnerability identifier: #VU87656

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32335

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Maximo Application Suite
Server applications / Other server solutions
IBM Maximo Asset Management
Server applications / Other server solutions

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the storage of sensitive information in URL parameters. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM Maximo Application Suite: 8.10, 8.11.0

External links
http://www.ibm.com/support/pages/node/7138684
http://exchange.xforce.ibmcloud.com/vulnerabilities/266875
http://www.ibm.com/support/pages/node/7138686

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in IBM Maximo Application Suite - Manage Component

Information disclosure in IBM Maximo Asset Management