Lucene search

K
ibmIBM8AA46A4BFDD0F8CB5D963F1D127CCEC3332043A99588EBAAD8A83E19E804316D
HistoryMar 13, 2024 - 9:45 p.m.

Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Asset Management (CVE-2023-43643)

2024-03-1321:45:51
www.ibm.com
16
ibm maximo asset management
antisamy
cve-2023-43643
cross-site scripting
upgrade
fixcentral

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

Summary

There is a vulnerability in AntiSamy used by IBM Maximo Asset Management .

Vulnerability Details

CVEID:CVE-2023-43643
**DESCRIPTION:**AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268271 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Asset Management 7.6.1.3

Remediation/Fixes

The recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central (What is Fix Central?) and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the β€˜readme’ documentation provided with each fix pack or interim fix.

For Maximo Asset Management 7.6:

VRM Fix Pack, Feature Pack, or Interim Fix Download
7.6.1.3

Maximo Asset Management 7.6.1.3 iFix:

7.6.1.3-TIV-MBS-IF017 or latest Interim Fix available

|

FixCentral

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_asset_managementMatch7.6.1
CPENameOperatorVersion
ibm maximo asset managementeq7.6.1

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

Related for 8AA46A4BFDD0F8CB5D963F1D127CCEC3332043A99588EBAAD8A83E19E804316D