CVE-2023-32332 – IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection
https://notcve.org/view.php?id=CVE-2023-32332
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 https://www.ibm.com/support/pages/node/7030367 https://www.ibm.com/support/pages/node/7030926
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32334 – IBM Maximo Asset Management information disclosure
https://notcve.org/view.php?id=CVE-2023-32334
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 https://www.ibm.com/support/pages/node/6999721 https://www.ibm.com/support/pages/node/6999747
CVE-2022-43866 – IBM Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2022-43866
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/239436 https://www.ibm.com/support/pages/node/6983534
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-27864 – IBM Maximo Asset Management HTML injection
https://notcve.org/view.php?id=CVE-2023-27864
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/249327 https://www.ibm.com/support/pages/node/6983460
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-27860 – IBM Maximo Asset Management information disclosure
https://notcve.org/view.php?id=CVE-2023-27860
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/249207 https://www.ibm.com/support/pages/node/6985679
• CWE-209: Generation of Error Message Containing Sensitive Information