Lucene search

K
ibmIBM7BF305CB394434A231549592ACB2B362B598DA97368AFBD76096A47CC583DB95
HistoryApr 10, 2024 - 10:48 a.m.

Security Bulletin: next-auth-4.24.3.tgz is vulnerable to CVE-2023-48309 used in IBM Maximo Application Suite - Edge Data Collector

2024-04-1010:48:54
www.ibm.com
6
ibm maximo application suite
edge data collector
next-auth-4.24.3.tgz
cve-2023-48309
remote attacker
authentication validation
sensitive information
vulnerability
cvss
remediation
software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

Summary

IBM Maximo Application Suite - Edge Data Collector uses next-auth-4.24.3.tgz which is vulnerable to CVE-2023-48309

Vulnerability Details

CVEID:CVE-2023-48309
**DESCRIPTION:**Auth.js next-auth could allow a remote attacker to obtain sensitive information, caused by improper authentication validation. By sending a specially crafted request using a mock user, an attacker could exploit this vulnerability to obtain logged in user states information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272020 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Edge Data Collector All

Remediation/Fixes

Affected Product(s) Version(s)
IBM Edge Data Collector 8.11.4 or or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.11
CPENameOperatorVersion
ibm maximo application suiteeq8.11

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

Related for 7BF305CB394434A231549592ACB2B362B598DA97368AFBD76096A47CC583DB95