CVE-2023-32334

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.6.1.2 through 7.6.1.3 IBM Maximo Application Suite version 8.8.0

Description The software stores sensitive information in URL parameters, which may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, or browser history.

Recommendations For IBM Maximo Asset Management versions 7.6.1.2 through 7.6.1.3, consider restricting access to server logs and referrer headers to minimize the risk of exploitation. For IBM Maximo Application Suite version 8.8.0, avoid using sensitive information in URL parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.