8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.1%
There is a vulnerability in CSRF Token used by IBM Maximo Asset Management application.
CVEID:CVE-2023-47718
**DESCRIPTION:**IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Product versions affected:
Affected Product(s) | Version(s) |
---|---|
IBM Maximo Asset Management | 7.6.1.3 |
The recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the βreadmeβ documentation provided with each fix pack or interim fix.
For Maximo Asset Management 7.6:
VRM | Fix Pack, Feature Pack, or Interim Fix | Download |
---|---|---|
7.6.1.3 |
Maximo Asset Management 7.6.1.3 iFix:
7.6.1.3-TIV-MBS-IF013 or latest Interim Fix available
|
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm maximo asset management | eq | 7.6.1 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.1%