Lucene search

K
ibmIBMB09A566DC46C24D663F5BAADE873C805FBE3B93176EB818F666D000A7ED2C3E4
HistoryMar 13, 2024 - 9:46 p.m.

Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43643)

2024-03-1321:46:04
www.ibm.com
12
ibm maximo application suite
antisamy
cross-site scripting
remote attackers
authentication credentials
patch fix
upgrade
manage component

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0

Percentile

12.6%

Summary

There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite.

Vulnerability Details

CVEID:CVE-2023-43643
**DESCRIPTION:**AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268271 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite - Manage Component

MAS 8.10.0 - Manage 8.6.0

IBM Maximo Application Suite - Manage Component|

MAS 8.11.0 - Manage 8.7.0

Remediation/Fixes

For IBM Maximo Manage application in IBM Maximo Application Suite:

MAS Manage Patch Fix or Release
Upgrade to MAS 8.10.10

Upgrade to Manage 8.6.10 or latest (available from the Catalog under Update Available)

Upgrade to MAS 8.11.7|

Upgrade to Manage 8.7.5 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.10
OR
ibmmaximo_application_suiteMatch8.11

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0

Percentile

12.6%

Related for B09A566DC46C24D663F5BAADE873C805FBE3B93176EB818F666D000A7ED2C3E4