History: Jan 17, 2024 - 8:08 p.m.

Security Bulletin: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-47718)

2024-01-17 20:08:41
www.ibm.com
csrf token
ibm maximo manage
ibm maximo application suite
vulnerability
cve-2023-47718
mas 8.10.0
mas 8.11.0
manage 8.6.0
manage 8.7.0
update
patch fix
release

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.3
Confidence: High

EPSS: 0.001
Percentile: 27.9%

Summary

There is a vulnerability in the CSRF token used by the IBM Maximo Manage application in IBM Maximo Application Suite.

Vulnerability Details

**CVEID:** CVE-2023-47718
**DESCRIPTION:** IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Maximo Application Suite - Manage Component | MAS 8.10.0 - Manage 8.6.0 |
| IBM Maximo Application Suite - Manage Component | MAS 8.11.0 - Manage 8.7.0 |

Remediation/Fixes

For IBM Maximo Manage application in IBM Maximo Application Suite:

| MAS | Manage Patch Fix or Release |
| --- | --- |
| Upgrade to MAS 8.10.6 | Upgrade to Manage 8.6.6 or latest (available from the Catalog under Update Available) |
| Upgrade to MAS 8.11.2 | Upgrade to Manage 8.7.1 or latest (available from the Catalog under Update Available) |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm maximo_application_suite Match 8.10 OR ibm maximo_application_suite Match 8.11

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | maximo_application_suite | 8.10 | `cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*` |
| ibm | maximo_application_suite | 8.11 | `cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*` |
