PT-2024-12319 · IBM · IBM Maximo Application Suite +1

Published: 2024-03-13 · Updated: 2025-01-14 · CVE-2023-32335

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Maximo Application Suite versions 8.10 through 8.11
IBM Maximo Asset Management version 7.6.1.3

Description

The software stores sensitive information in URL parameters, which may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, or browser history.

Recommendations

For IBM Maximo Application Suite versions 8.10 through 8.11, consider modifying the application to avoid storing sensitive information in URL parameters. For IBM Maximo Asset Management version 7.6.1.3, consider implementing measures to restrict access to server logs and browser history to minimize the risk of information disclosure. As a temporary workaround, consider configuring the server to not log sensitive URL parameters until a patch is available.
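
One way to apply the logging workaround above is to scrub query strings from access-log lines before they are stored or forwarded, covering both the request line and the Referer field. The Python filter below is an added example, not IBM's code or part of the advisory; the parameter names in SENSITIVE_PARAMS, the path, the host and the sample log line are constructed assumptions, since the advisory does not name the affected parameters.

```python
import re
from urllib.parse import unquote_plus

# Assumption: the advisory does not name the affected parameters; replace
# this illustrative list with the ones your deployment actually uses.
SENSITIVE_PARAMS = {"password", "passwd", "token", "apikey", "sessionid"}
REDACTED = "[REDACTED]"

# Combined Log Format: the request line and the Referer are the quoted
# fields that can carry a URL query string.
COMBINED = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] ")'
    r'(?P<method>\S+) (?P<target>\S+)(?P<proto> [^"]*)?'
    r'(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<tail>".*)$'
)

# Constructed sample line (not taken from a real system).
SAMPLE = ('203.0.113.7 - - [13/Mar/2024:10:00:00 +0000] '
          '"GET /app/page?user=alice&password=hunter2 HTTP/1.1" 200 512 '
          '"https://example.test/app?Token=abc123&tab=1#top" "Mozilla/5.0"')

def redact_query(query):
    """Blank the value of every sensitive key; other fields stay byte-for-byte."""
    fields = []
    for field in query.split("&"):
        key, sep, _ = field.partition("=")
        # Decode and lowercase the key so "Token" and "pass%77ord" still match.
        if sep and unquote_plus(key).lower() in SENSITIVE_PARAMS:
            field = key + "=" + REDACTED
        fields.append(field)
    return "&".join(fields)

def redact_url(url):
    """Redact the query part of a URL or request target; keep path and fragment."""
    base, qmark, rest = url.partition("?")
    if not qmark:
        return url
    query, hash_, frag = rest.partition("#")
    return base + "?" + redact_query(query) + hash_ + frag

def redact_log_line(line):
    """Return the access-log line with sensitive values removed from URL fields."""
    m = COMBINED.match(line)
    if not m:
        # Unknown format: fail safe by scrubbing anything that looks like a query.
        return re.sub(r'\?([^\s"]+)', lambda q: "?" + redact_query(q.group(1)), line)
    return (m["head"] + m["method"] + " " + redact_url(m["target"])
            + (m["proto"] or "") + m["mid"] + redact_url(m["referer"]) + m["tail"])
```

Redacting at write time only limits the server-log channel; values already written to older logs or kept in browser history are unaffected.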

Related Identifiers

CVE-2023-32335

Affected Products

IBM Maximo Application Suite
IBM Maximo Asset Management