Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC53831131AED0E69E137B7AEA3A5B9154F0614A396E1AFFAA970B2D2C28A9688
HistoryApr 04, 2023 - 8:41 p.m.

Security Bulletin: There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-36033)

2023-04-0420:41:01
www.ibm.com
24
ibm maximo
application suite
jsoup vulnerability
cve-2022-36033
cross-site scripting
security bulletin
patch fix
mas 8.8
manage 8.4

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.5%

JSON

Summary

There is a vulnerability in jsoup used by IBM Maximo Manage application in IBM Maximo Application Suite.

Vulnerability Details

CVEID:CVE-2022-36033
**DESCRIPTION:**jsoup is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234845 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite - Manage Component

MAS 8.8- Manage 8.4

Remediation/Fixes

For IBM Maximo Manage application in IBM Maximo Application Suite:

Maximo Application Suite Manage Patch Fix or Release
Upgrade to MAS version 8.8.5 or latest Patch Fix available 8.4.5 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.8.0
CPENameOperatorVersion
ibm maximo application suiteeq8.8.0

Related

debiancve 1
redhatcve 1
nessus 9
ibm 8
amazon 1
openvas 1
ubuntucve 1
github 1
nvd 1
cve 1
prion 1
osv 2
cgr 1
cbl_mariner 1
veracode 1
cvelist 1
wolfi 1
oracle 7
debiancve
debiancve
CVE-2022-36033
2022-08-29 17:15:08
redhatcve
redhatcve
CVE-2022-36033
2022-09-15 10:13:18
nessus
nessus
SUSE SLED15 / SLES15 Security Update : jsoup (SUSE-SU-2022:4011-1)
2022-11-17 00:00:00
RHEL 9 : jsoup (Unpatched Vulnerability)
2024-06-03 00:00:00
Amazon Linux 2023 : jsoup, jsoup-javadoc (ALAS2023-2023-315)
2023-08-24 00:00:00
ibm
ibm
Security Bulletin: IBM Workload Scheduler potentially affected by jsoup XSS attacks (CVE-2022-36033)
2023-01-30 17:56:52
Security Bulletin: There is a security vulnerability in jsoup used by IBM Maximo Asset Management (CVE-2022-36033)
2023-06-08 02:31:17
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
2022-12-05 19:00:57
amazon
amazon
Medium: jsoup
2024-02-15 03:52:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4011-1)
2022-11-17 00:00:00
ubuntucve
ubuntucve
CVE-2022-36033
2022-08-29 00:00:00
github
github
jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
2022-09-01 22:14:57
nvd
nvd
CVE-2022-36033
2022-08-29 17:15:08
cve
cve
CVE-2022-36033
2022-08-29 17:15:08
prion
prion
Cross site scripting
2022-08-29 17:15:00
osv
osv
CVE-2022-36033
2022-08-29 17:15:08
jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
2022-09-01 22:14:57
cgr
cgr
CVE-2022-36033 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2022-36033 affecting package jsoup 1.11.3-3
2024-06-18 09:08:18
veracode
veracode
Cross-site Scripting (XSS)
2022-08-30 07:07:33
cvelist
cvelist
CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
2022-08-29 00:00:00
wolfi
wolfi
CVE-2022-36033 vulnerabilities
2024-06-18 09:08:19
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.5%

JSON
Related for C53831131AED0E69E137B7AEA3A5B9154F0614A396E1AFFAA970B2D2C28A9688
debiancve1redhatcve1nessus9ibm8amazon1openvas1ubuntucve1github1nvd1cve1prion1osv2cgr1cbl_mariner1veracode1cvelist1wolfi1oracle7