IBMF8F3D97DB08347244BF4BCAE95C7B610784D02FAF3ED836ECE96B425749C596ESecurity Bulletin: IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
Summary
IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155. This bulletin contains information regarding the vulnerability and its fixture.
Vulnerability Details
CVEID:CVE-2023-28155
**DESCRIPTION:**Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Maximo Application Suite - AI Broker | 1.0.0 |
Remediation/Fixes
Affected Product(s)|
Fix Pack
Version(s)
โ|โ
IBM Maximo Application Suite - AI Broker| 1.0.1
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High