CVE-2023-27864: XSS
First published: Wed Mar 29 2023(Updated: )
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =7.6.1.2 | |
| IBM Maximo Asset Management | =7.6.1.3 | |
| IBM Maximo Asset Management | <=7.6.1.2 | |
| IBM Maximo Asset Management | <=7.6.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for IBM Maximo Asset Management?
The vulnerability ID for IBM Maximo Asset Management is CVE-2023-27864.
What is the severity of CVE-2023-27864?
The severity of CVE-2023-27864 is medium, with a severity value of 5.4.
How does the HTML injection vulnerability in IBM Maximo Asset Management work?
The HTML injection vulnerability in IBM Maximo Asset Management allows a remote attacker to inject malicious HTML code that is executed in the victim's web browser within the security context of the hosting site.
Which versions of IBM Maximo Asset Management are affected by CVE-2023-27864?
IBM Maximo Asset Management versions 7.6.1.2 and 7.6.1.3 are affected by CVE-2023-27864.
How can I fix the HTML injection vulnerability in IBM Maximo Asset Management?
To fix the HTML injection vulnerability in IBM Maximo Asset Management, it is recommended to apply the latest security patches provided by IBM.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.6.1.2
- version/ibm maximo asset management/7.6.1.3