CVE-2023-27861 — Cleartext Transmission of Sensitive Info in IBM Maximo Application Suite

CWE-319 — Cleartext Transmission of Sensitive Info3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.0%

top 90.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Application Suite

Timeline

PublishedJun 5

Description

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/maximo_application_suite8.8.0, 8.9.0

▶NVDibm/maximo_application_suite8.8.0, 8.9.0+1

🔴Vulnerability Details

GHSA

GHSA-fhxq-p3w5-jfq8: IBM Maximo Application Suite - Manage Component 8↗2023-06-05

▶

CVEList

IBM Maximo Application Suite information disclosure↗2023-06-05

▶