CVE-2013-3323

high-risk
Published 2020-02-18

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

Do I need to act?

-
0.53% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Change And Configuration Management Database
Change And Configuration Management Database
Maximo Asset Management Essentials
Maximo Asset Management Essentials
Maximo Asset Management Essentials
Maximo For Government
Maximo For Government
Maximo For Government

Affected Vendors

Ibm

References (6)

Third Party Advisory http://www.securityfocus.com/bid/62685
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.18816...
Vendor Advisory https://www.ibm.com/support/pages/node/235239
Third Party Advisory http://www.securityfocus.com/bid/62685
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.18816...
Vendor Advisory https://www.ibm.com/support/pages/node/235239
58
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 24/34 · High