Lucene search

IBM8A19313B3178ECA8944EB487885CA1FFE551B5387D3943046A0E4E3A18CA92BE

HistoryFeb 06, 2024 - 9:15 a.m.

Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804.

2024-02-0609:15:42

www.ibm.com

ibm maximo application suite

urllib3

vulnerability

cve-2023-43804

fixpack 8.8.4

iot component

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Summary

IBM Maximo Application Suite uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerability and its fixture.

Vulnerability Details

CVEID:CVE-2023-43804
**DESCRIPTION:**urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped during cross-origin redirects. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268192 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Maximo Application Suite - IoT Component	8.8

Remediation/Fixes

Affected Product(s)	Fixpack Version(s)
IBM Maximo Application Suite - IoT Component	8.8.4

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmaximo_application_suiteMatch8.8

CPENameOperatorVersion
ibm maximo application suiteeq8.8

CPE	Name	Operator	Version
	ibm maximo application suite	eq	8.8

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for 8A19313B3178ECA8944EB487885CA1FFE551B5387D3943046A0E4E3A18CA92BE