IBM Maximo Application Suite - Monitor Component uses tornado, which is vulnerable to 263690. This bulletin identifies the steps to take to address the vulnerability.
**IBM X-Force ID:**263690
**DESCRIPTION:**Tornado Web Server is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP Content-Length header. By sending a specially crafted HTTP(S) Content-Length header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263690 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Maximo Application Suite - Monitor Component | 8.11 |
IBM Maximo Application Suite - Monitor Component | 8.10 |
Affected Product(s) | Fixpack Version(s) |
---|---|
IBM Maximo Application Suite - Monitor Component | 8.11.1 or latest (available from the Catalog under Update Available) |
IBM Maximo Application Suite - Monitor Component | 8.10.6 or latest (available from the Catalog under Update Available) |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm maximo application suite | eq | 8.11 | |
ibm maximo application suite | eq | 8.10 |