Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0C699FF794DD88662D664B613C683D35D003DFCA797EB7E1D849E29EF5B5DBE6
HistoryApr 01, 2024 - 7:39 a.m.

Security Bulletin: IBM Maximo Application Suite uses firestore-4.15.1.tgz which is vulnerable to CVE-2023-6460

2024-04-0107:39:28
www.ibm.com
10
ibm maximo
firestore-4.15.1.tgz
cve-2023-6460
google apis
nodejs-firestore
cvss
vulnerability
fixpack 8.10.11
fixpack 8.11.8

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Summary

IBM Maximo Application Suite uses firestore-4.15.1.tgz which is vulnerable to CVE-2023-6460. This bulletin contains information regarding the vulnerability and its fixture.

Vulnerability Details

CVEID:CVE-2023-6460
**DESCRIPTION:**Google APIs nodejs-firestore could allow a local authenticated attacker to obtain sensitive information, caused by the logging of the firestore key in the log files. By gaining access to the log file, an attacker could exploit this vulnerability to obtain the firestore key information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273272 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite 8.10
IBM Maximo Application Suite 8.11

Remediation/Fixes

Affected Product(s) Fixpack Version(s)
IBM Maximo Application Suite 8.10.11
IBM Maximo Application Suite 8.11.8

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.10
OR
ibmmaximo_application_suiteMatch8.11

Related

github 1
cve 1
osv 2
cvelist 1
prion 1
veracode 1
nvd 1
github
github
Logging of the firestore key within nodejs-firestore
2023-12-04 15:31:55
cve
cve
CVE-2023-6460
2023-12-04 13:15:07
osv
osv
CVE-2023-6460
2023-12-04 13:15:07
Logging of the firestore key within nodejs-firestore
2023-12-04 15:31:55
cvelist
cvelist
CVE-2023-6460 Information leak in nodejs-firestore
2023-12-04 12:26:29
prion
prion
Code injection
2023-12-04 13:15:00
veracode
veracode
Sensitive Information Disclosure
2023-12-05 10:19:16
nvd
nvd
CVE-2023-6460
2023-12-04 13:15:07

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON
Related for 0C699FF794DD88662D664B613C683D35D003DFCA797EB7E1D849E29EF5B5DBE6
github1cve1osv2cvelist1prion1veracode1nvd1