Lucene search
IBMEF082F187800AC9653318DE7884D3525E19E48C48095B1D8013638A9C3084E56HistoryMar 20, 2024 - 11:24 a.m.
Security Bulletin: IBM Maximo Application Suite uses urllib3-2.0.3-py3-none-any.whl which is vulnerable to CVE-2023-45803
2024-03-2011:24:42
www.ibm.com
16
ibm maximo application suite
urllib3
cve-2023-45803
information disclosure
cvss 4.2
ibm asset data dictionary component
fixpack 1.1.6
Summary
BM Maximo Application Suite uses urllib3-2.0.3-py3-none-any.whl which is vulnerable to CVE-2023-45803. This bulletin contains information regarding the vulnerability and its fixture.
Vulnerability Details
CVEID:CVE-2023-45803
**DESCRIPTION:**urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with not remove the HTTP request body when an HTTP redirect response using status 303. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269079 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Asset Data Dictionary Component | 1.1.x |
Remediation/Fixes
| Affected Product(s) | Fixpack Version(s) |
|---|---|
| IBM Asset Data Dictionary Component | 1.1.6 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm maximo application suite | eq | 1.1 |
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4468-1)
2023-11-17 00:00:00
openSUSE: Security Advisory for python (SUSE-SU-2023:4467-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1185)
2024-02-09 00:00:00
redos
redos
ROS-20240403-11
2024-04-03 00:00:00
nessus
nessus
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2024:2734)
2024-05-22 00:00:00
SUSE SLED12 / SLES12 Security Update : python-urllib3 (SUSE-SU-2023:4468-1)
2023-11-17 00:00:00
Fedora 37 : python-urllib3 (2023-dede912109)
2023-11-03 00:00:00
github
github
wolfi
wolfi
CVE-2023-45803 vulnerabilities
2024-06-01 09:07:38
osv
osv
urllib3's request body not stripped after redirect from 303 status changes request method to GET
2023-10-17 20:15:25
CVE-2023-45803
2023-10-17 20:15:10
python-urllib3 - security update
2023-11-08 00:00:00
cve
cve
CVE-2023-45803
2023-10-17 20:15:10
redhat
redhat
(RHSA-2024:2734) Moderate: Red Hat OpenStack Platform 17.1 (python-urllib3) security update
2024-05-22 20:31:21
(RHSA-2024:2952) Moderate: resource-agents security and bug fix update
2024-05-22 06:35:10
(RHSA-2024:0588) Moderate: python-urllib3 security update
2024-01-30 12:53:27
ibm
ibm
fedora
fedora
[SECURITY] Fedora 38 Update: python-urllib3-1.26.18-1.fc38
2023-10-21 01:30:09
[SECURITY] Fedora 37 Update: python-urllib3-1.26.18-1.fc37
2023-11-03 01:10:53
[SECURITY] Fedora 39 Update: python-urllib3-1.26.18-1.fc39
2023-11-03 19:01:21
cbl_mariner
cbl_mariner
alpinelinux
alpinelinux
CVE-2023-45803
2023-10-17 20:15:10
amazon
amazon
Medium: python-urllib3
2024-01-03 21:04:00
cvelist
cvelist
CVE-2023-45803 Request body not stripped after redirect in urllib3
2023-10-17 19:43:45
debiancve
debiancve
CVE-2023-45803
2023-10-17 20:15:10
redhatcve
redhatcve
CVE-2023-45803
2023-10-29 14:55:37
cgr
cgr
CVE-2023-45803 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Information Disclosure
2023-10-19 07:19:20
prion
prion
Design/Logic Flaw
2023-10-17 20:15:00
ubuntucve
ubuntucve
CVE-2023-45803
2023-10-17 00:00:00
almalinux
almalinux
Moderate: python-urllib3 security update
2024-01-25 00:00:00
Moderate: resource-agents security and bug fix update
2024-05-22 00:00:00
Moderate: python-urllib3 security update
2024-01-10 00:00:00
oraclelinux
oraclelinux
python-urllib3 security update
2024-01-25 00:00:00
python-urllib3 security update
2024-01-10 00:00:00
fence-agents security and bug fix update
2024-05-23 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0211
2024-02-16 00:00:00
ubuntu
ubuntu
pip vulnerabilities
2023-11-15 00:00:00
urllib3 vulnerabilities
2023-11-07 00:00:00
cloudfoundry
cloudfoundry
USN-6473-1: urllib3 vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
Related for EF082F187800AC9653318DE7884D3525E19E48C48095B1D8013638A9C3084E56