Vulnerability Details : CVE-2022-41732

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.

Published 2022-11-28 17:15:11

Updated 2022-12-01 22:54:29

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-41732

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	2.5	3.6	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-256 Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

Assigned by: [email protected] (Secondary)
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: [email protected] (Primary)

IBM » Maximo Application Suite » Version: 8.7
cpe:2.3:a:ibm:maximo_application_suite:8.7:*:*:*:*:*:*:*
Matching versions
IBM » Maximo Application Suite » Version: 8.8
cpe:2.3:a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*
Matching versions