CVE-2023-32337 – IBM Maximo Spatial Asset Management server-side request forgery
https://notcve.org/view.php?id=CVE-2023-32337
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. IBM Maximo Spatial Asset Management 8.10 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 https://www.ibm.com/support/pages/node/7107712 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-47718 – IBM Maximo Asset Management cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-47718
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. IBM Maximo Asset Management 7.6.1.3 y Manage Component 8.10 a 8.11 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 271843. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 https://www.ibm.com/support/pages/node/7107738 https://www.ibm.com/support/pages/node/7107740 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-32332 – IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection
https://notcve.org/view.php?id=CVE-2023-32332
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. IBM Maximo Application Suite en versiones 8.9 y 8.10 e IBM Maximo Asset Management en versiones 7.6.1.2 y 7.6.1.3 son vulnerables a la inyección HTML. Un atacante remoto podría inyectar código HTML malicioso, que cuando se detecta, se ejecutaría en el navegador web de la víctima dentro del contexto de seguridad del sitio de hosting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 https://www.ibm.com/support/pages/node/7030367 https://www.ibm.com/support/pages/node/7030926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32334 – IBM Maximo Asset Management information disclosure
https://notcve.org/view.php?id=CVE-2023-32334
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074. IBM Maximo Asset Management v7.6.1.2, v7.6.1.3 e IBM Maximo Application Suite v8.8.0 almacenan información confidencial en parámetros de URL. Esto puede dar lugar a la divulgación de información si partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado de referencia o el historial del navegador. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 https://www.ibm.com/support/pages/node/6999721 https://www.ibm.com/support/pages/node/6999747 •
CVE-2022-43866 – IBM Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43866
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239436 https://www.ibm.com/support/pages/node/6983534 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •