Lucene search

IBM4D175057793BC5BF0C32DB52C4CF697F3C0D54D4D84350252833E85535407161

HistoryFeb 06, 2024 - 10:00 a.m.

Security Bulletin: IBM Maximo Application Suite uses tinymce-5.10.8.tgz which is vulnerable to CVE-2023-48219

2024-02-0610:00:04

www.ibm.com

ibm maximo application suite

tinymce-5.10.8.tgz

cve-2023-48219

cross-site scripting

web browser

authentication.

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.6%

JSON

Summary

IBM Maximo Application Suite uses tinymce-5.10.8.tgz which is vulnerable to CVE-2023-48219. This bulletin contains information regarding the vulnerability and its fixture.

Vulnerability Details

CVEID:CVE-2023-48219
**DESCRIPTION:**TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the text nodes. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271852 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Maximo Application Suite	8.10
IBM Maximo Application Suite	8.11

Remediation/Fixes

Affected Product(s)	Fixpack Version(s)
IBM Maximo Application Suite	8.10.9
IBM Maximo Application Suite	8.11.6

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm maximo application suiteeq8.10
ibm maximo application suiteeq8.11

CPE	Name	Operator	Version
	ibm maximo application suite	eq	8.10
	ibm maximo application suite	eq	8.11