CVE-2023-32332

Опубликовано: 08 сент. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/255072
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7030367
Vendor Advisory
https://www.ibm.com/support/pages/node/7030926
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/255072
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7030367
Vendor Advisory
https://www.ibm.com/support/pages/node/7030926
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:maximo_application_suite:8.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.0005

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9495-x92x-h52j