Lucene search

K
ibmIBM79A99C5741FF3C2A4414B60EE6A919C74040A8EB7ABA1F1242061EC13E30B484
HistoryFeb 27, 2024 - 4:20 p.m.

Security Bulletin: urllib3 is vulnerable to CVE-2023-45803 used in IBM Maximo Application Suite - Monitor Component

2024-02-2716:20:30
www.ibm.com
12
ibm maximo application suite
monitor component
urllib3
cve-2023-45803
vulnerability
fixpack
8.11.4
8.10.7
sensitive information

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

9.8%

Summary

IBM Maximo Application Suite - Monitor Component uses urllib3 which is vulnerable to CVE-2023-45803. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-45803
**DESCRIPTION:**urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with not remove the HTTP request body when an HTTP redirect response using status 303. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269079 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite - Monitor Component 8.11
IBM Maximo Application Suite - Monitor Component 8.10

Remediation/Fixes

Affected Product(s) Fixpack Version(s)
IBM Maximo Application Suite - Monitor Component 8.11.4 or latest (available from the Catalog under Update Available)
IBM Maximo Application Suite - Monitor Component 8.10.7 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.11
OR
ibmmaximo_application_suiteMatch8.10

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

9.8%