CVE-2023-27860 MEDIUM

CVE-2023-27860: IBM Maximo Asset Management information disclosure

Vendor Ibm
Product Maximo Asset Management
Weakness CWE-209 · Error message info leak
Published April 27, 2023
Last update January 30, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.

Key dates

02Disclosure timeline

April 27, 2023 CVE published
January 30, 2025 Record updated