CVE-2023-32335 - Vulnerability Details - OpenCVE

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Maximo Application Suite Maximo Asset Management

Configuration 1 [-]

OR	cpe:2.3:a:ibm:maximo_application_suite:8.10:::::::*
	cpe:2.3:a:ibm:maximo_application_suite:8.11:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/266875
https://www.ibm.com/support/pages/node/7138684
https://www.ibm.com/support/pages/node/7138686

History

Tue, 14 Jan 2025 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm Ibm maximo Application Suite Ibm maximo Asset Management
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:ibm:maximo_application_suite:8.10:::::::* cpe:2.3:a:ibm:maximo_application_suite:8.11:::::::* cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:::::::*
Vendors & Products		Ibm Ibm maximo Application Suite Ibm maximo Asset Management

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-03-13T09:23:23.225Z

Updated: 2024-08-05T15:52:20.030Z

Reserved: 2023-05-08T18:32:34.088Z

Link: CVE-2023-32335

Vulnrichment

Updated: 2024-08-02T15:10:24.953Z

NVD

Status : Analyzed

Published: 2024-03-13T10:15:07.413

Modified: 2025-01-14T20:10:32.063

Link: CVE-2023-32335

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32335", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-05-08T18:32:34.088Z", "datePublished": "2024-03-13T09:23:23.225Z", "dateUpdated": "2024-08-05T15:52:20.030Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Maximo Application Suite", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.10, 8.11"}]}, {"defaultStatus": "unaffected", "product": "Maximo Asset Management", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.6.1.3"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075."}], "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-598", "description": "CWE-598 Information Exposure Through Query Strings in GET Request", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-03-13T09:23:23.225Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7138684"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875"}, {"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7138686"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Maximo Application Suite information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.953Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7138684"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7138686"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T15:52:09.104397Z", "id": "CVE-2023-32335", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T15:52:20.030Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7138684", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://www.ibm.com/support/pages/node/7138686", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:10:24.953Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32335", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T15:52:09.104397Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T15:52:15.800Z"}}], "cna": {"title": "IBM Maximo Application Suite information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Maximo Application Suite", "versions": [{"status": "affected", "version": "8.10, 8.11"}], "defaultStatus": "unaffected"}, {"vendor": "IBM", "product": "Maximo Asset Management", "versions": [{"status": "affected", "version": "7.6.1.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7138684", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875", "tags": ["vdb-entry"]}, {"url": "https://www.ibm.com/support/pages/node/7138686", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.", "supportingMedia": [{"type": "text/html", "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-598", "description": "CWE-598 Information Exposure Through Query Strings in GET Request"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-03-13T09:23:23.225Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32335", "state": "PUBLISHED", "dateUpdated": "2024-08-05T15:52:20.030Z", "dateReserved": "2023-05-08T18:32:34.088Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-03-13T09:23:23.225Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "DD9CA1C5-A903-4002-B9D3-430412676544", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB312A14-314B-4AD0-941C-A6AE1EC0D592", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075."}, {"lang": "es", "value": "IBM Maximo Application Suite 8.10, 8.11 e IBM Maximo Asset Management 7.6.1.3 almacenan informaci\u00f3n confidencial en par\u00e1metros de URL. Esto puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n si partes no autorizadas tienen acceso a las URL a trav\u00e9s de los registros del servidor, el encabezado de referencia o el historial del navegador. ID de IBM X-Force: 255075."}], "id": "CVE-2023-32335", "lastModified": "2025-01-14T20:10:32.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-13T10:15:07.413", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7138684"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7138686"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266875"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7138684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7138686"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-598"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}