First published: Tue Mar 12 2024(Updated: )
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Maximo Asset Management | <=7.6.1.3 | |
IBM Maximo Application Suite | =7.6.1.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-38723 is considered a high severity vulnerability due to its potential for stored cross-site scripting attacks.
To fix CVE-2023-38723, upgrade IBM Maximo Application Suite to version 7.6.1.4 or later.
CVE-2023-38723 allows attackers to embed arbitrary JavaScript in the Web UI, potentially leading to credential disclosure.
CVE-2023-38723 affects IBM Maximo Application Suite version 7.6.1.3 and earlier.
Yes, immediate mitigation is necessary to protect users from potential exploitation of CVE-2023-38723.