Lucene search

IBMD880C313518A5641330A7290E350AB14025CEEE017588AB5543C1F9828C03BCC

HistoryJul 04, 2023 - 5:56 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-35890)

2023-07-0417:56:49

www.ibm.com

ibm websphere application server

maximo asset management

cve-2023-35890

security bulletin

vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera, SmartCloud Control Desk, and TRIRIGA Energy Optimization. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Maximo Asset Management core product versions affected:

Affected Product(s)	Version(s)	Affected Supporting Product and Version

Maximo Asset Management

7.6.1.2

7.6.1.3

IBM WebSphere Application Server 9.0
IBM WebSphere Application Server 8.5.5 Full Profile

Remediation/Fixes

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmmaximo_asset_managementMatch7.6.1

ibmcontrol_deskMatch7.6.1.1

ibmcontrol_deskMatch7.6.1

ibmmaximo_for_nuclear_powerMatch7.6.1

ibmmaximo_for_utilitiesMatch7.6.0.2

ibmmaximo_for_utilitiesMatch7.6.0.1

ibmmaximo_spatial_asset_managementMatch7.6.0.5

ibmmaximo_spatial_asset_managementMatch7.6.0.4

ibmmaximo_spatial_asset_managementMatch7.6.0.3

ibmmaximo_spatial_asset_managementMatch7.6.0.2

ibmmaximo_for_service_providersMatch7.6.3.3

ibmmaximo_for_service_providersMatch7.6.3.2

ibmmaximo_for_service_providersMatch7.6.3.1

ibmmaximo_asset_configuration_managerMatch7.6.7.1

ibmmaximo_asset_configuration_managerMatch7.6.7

ibmmaximo_asset_configuration_managerMatch7.6.6

ibmmaximo_for_transportationMatch7.6.2.5

ibmmaximo_for_transportationMatch7.6.2.4

ibmmaximo_for_transportationMatch7.6.2.3

ibmmaximo_for_life_sciencesMatch7.6

ibmmaximo_for_oil_and_gasMatch7.6.1

ibmmaximo_for_aviationMatch7.6.8

ibmmaximo_for_aviationMatch7.6.7

ibmmaximo_for_aviationMatch7.6.6

CPENameOperatorVersion
ibm maximo asset managementeq7.6.1
ibm control deskeq7.6.1.1
ibm control deskeq7.6.1
maximo for nuclear powereq7.6.1
maximo for utilitieseq7.6.0.2
maximo for utilitieseq7.6.0.1
maximo spatial asset managementeq7.6.0.5
maximo spatial asset managementeq7.6.0.4
maximo spatial asset managementeq7.6.0.3
maximo spatial asset managementeq7.6.0.2

Name	Operator	Version
ibm maximo asset management	eq	7.6.1
ibm control desk	eq	7.6.1.1
ibm control desk	eq	7.6.1
maximo for nuclear power	eq	7.6.1
maximo for utilities	eq	7.6.0.2
maximo for utilities	eq	7.6.0.1
maximo spatial asset management	eq	7.6.0.5
maximo spatial asset management	eq	7.6.0.4
maximo spatial asset management	eq	7.6.0.3
maximo spatial asset management	eq	7.6.0.2

Rows per page:

1-10 of 241

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for D880C313518A5641330A7290E350AB14025CEEE017588AB5543C1F9828C03BCC