CVE-2021-38924

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:maximo_application_suite:8.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-668 CWE-209

17 Sep 2022, 02:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_application_suite:8.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2:*:*:*:*:*:*:*
CWE CWE-668
References (CONFIRM) https://www.ibm.com/support/pages/node/6620059 - (CONFIRM) https://www.ibm.com/support/pages/node/6620059 - Patch, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/210163 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/210163 - VDB Entry, Vendor Advisory

14 Sep 2022, 17:45

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-14 17:15

Updated : 2024-02-04 22:51


NVD link : CVE-2021-38924

Mitre link : CVE-2021-38924

CVE.ORG link : CVE-2021-38924


JSON object : View

Products Affected

ibm

  • maximo_asset_management
  • maximo_application_suite
CWE
CWE-209

Generation of Error Message Containing Sensitive Information