CVE-2023-32337 – IBM Maximo Spatial Asset Management server-side request forgery
https://notcve.org/view.php?id=CVE-2023-32337
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/255288
• https://www.ibm.com/support/pages/node/7107712
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-47718 – IBM Maximo Asset Management cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-47718
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/271843
• https://www.ibm.com/support/pages/node/7107738
• https://www.ibm.com/support/pages/node/7107740
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-32332 – IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection
https://notcve.org/view.php?id=CVE-2023-32332
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/255072
• https://www.ibm.com/support/pages/node/7030367
• https://www.ibm.com/support/pages/node/7030926
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')