CVE-2023-32337

CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 87.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Application Suite IBM Maximo Spatial Asset Management IBM Maximo Asset Management

Timeline

PublishedJan 19

Description

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5ibm/maximo_spatial_asset_management8.10

▶NVDibm/maximo_asset_management7.6.1.3

▶NVDibm/maximo_application_suite8.10 — 8.10.6+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Maximo Spatial Asset Management server-side request forgery↗2024-01-19

▶

GHSA

GHSA-9f34-mr4g-f835: IBM Maximo Spatial Asset Management 8↗2024-01-19

▶