7.5
CVE-2023-32335
- EPSS 0.08%
- Veröffentlicht 13.03.2024 10:15:07
- Zuletzt bearbeitet 14.01.2025 20:10:32
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Maximo Application Suite Version8.10
Ibm ≫ Maximo Application Suite Version8.11
Ibm ≫ Maximo Asset Management Version7.6.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.236 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-598 Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.