2897 matches found
IBM Maximo Application Suite Sensitive Tokens without 'Secure' Attribute
RISK EVALUATION IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. An unauthenticated attacker can steal cookies by directing users to a malicious http:// link and snooping user traffic. 2. RECOMMENDED PRACTICES...
Security Bulletin: IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860.
Summary IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860. This bulletin contains information regarding the vulnerability and its...
Security Bulletin: Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199.
Summary Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library...
Security Bulletin: Maximo AI Service uses qs-6.14.1.tgz and flask-3.0.3-py3-none-any.whl which is vulnerable to CVE-2026-2391 and CVE-2026-27205.
Summary Maximo AI Service uses qs-6.14.1.tgz and flask-3.0.3-py3-none-any.whl which is vulnerable to CVE-2026-2391 and CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit opti...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses python_multipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486
Summary IBM Maximo Application Suite - Visual Inspection component uses pythonmultipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486 This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION:...
Security Bulletin: There is a vulnerability in lodash-4.17.21.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-13465)
Summary There is a vulnerability in lodash-4.17.21.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An...
Security Bulletin: There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-26007)
Summary There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes...
Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199)
Summary There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin...
Security Bulletin: There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-30922)
Summary There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Deni...
Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)
Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...
CVE-2026-4820
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
EUVD-2026-18068
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
CVE-2026-4820
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
CVE-2026-4820
IBM Maximo Application Suite is affected by CVE-2026-4820 due to the session cookie ltpatoken2_ not being marked Secure, enabling potential cookie theft over insecure links. Affected versions: 8.10, 8.11, 9.0, 9.1. Remediations: 8.10.33, 8.11.30, 9.0.19, 9.1.8. CVSS Base score: 4.3 (CWE-614: Sens...
CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
CVE-2026-4820
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
Security Bulletin: IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2_<workspace_name> was not set with secure flag
Summary IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2 was not set with secure flag Vulnerability Details CVEID:CVE-2026-4820 DESCRIPTION: IBM Maximo Application Suite does not set the secure attribute on authorization tokens or session cookies. Attackers m...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite - IoT Component uses assertj-core-3.27.6.jar, minimatch-3.1.2.tgz, flask-3.1.2-py3-none-any.whl and werkzeug-3.1.5-py3-none-any.whl third party dependencies which is vulnerable to CVE-2026-24400, CVE-2026-26996, CVE-2026-27205 and CVE-2026-27199. This bulletin...
IBM Maximo Application Suite 安全漏洞
The IBM Maximo Application Suite is a single platform provided by IBM for intelligent asset management, monitoring, maintenance, computer vision, security, and reliability. There are security vulnerabilities in the 9.1, 9.0, 8.11, and 8.10 versions of the IBM Maximo Application Suite. These...