Lucene search

IbmCVELIST:CVE-2022-41732

HistoryNov 28, 2022 - 4:30 p.m.

CVE-2022-41732 IBM Maximo information disclosure

2022-11-2816:30:28

CWE-256

ibm

www.cve.org

ibm maximo

clear text

user credentials

vulnerability

information disclosure

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Maximo Mobile",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.7"
      },
      {
        "status": "affected",
        "version": "8.8"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/237407

www.ibm.com/support/pages/node/6841617

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-41732