2897 matches found
PT-2026-29623
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses wheel-0.41.3-py3-none-any.whl, orjson-3.10.14-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, python_multipart-0.0.21-py3-none-any.whl, pyasn1-0.6.1.tar.gz, sentencepiece-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, tar-7.4.3.tgz, tar-7.5.2.tgz...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses transformers-4.48.3-py3-none-any.whl, transformers-4.50.0-py3-none-any.whl, transformers-4.52.1-py3-none-any.whl, transformers-4.53.0-py3-none-any.whl, transformers-4.57.3-py3-none-any.whl, urllib3-1.26.19-py2.py3-none-any.whl, urllib3-2.1.0-py3-none-any.whl,...
Security Bulletin: Maximo AI Service uses werkzeug-3.1.4-py3-none-any.whl, filelock-3.20.1-py3-none-any.whl which is vulnerable to CVE-2026-21860 and CVE-2026-22701.
Summary Maximo AI Service uses werkzeug-3.1.4-py3-none-any.whl, filelock-3.20.1-py3-none-any.whl which is vulnerable to CVE-2026-21860 and CVE-2026-22701. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelo...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873
Summary IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775.
Summary IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-0775 DESCRIPTION: npm cli Incorrect Permission...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by cross-site scripting and vulnerable to CVE-2025-32434.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by cross-site scripting and vulnerable to CVE-2025-32434. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: I...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049.
Summary IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007.
Summary IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.
Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses multiple jar packages which are vulnerable to CVE-2025-24970, CVE-2025-55163.
Summary IBM Maximo Application Suite - Monitor Component uses multiple jar packages which are vulnerable to CVE-2025-24970, CVE-2025-55163. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pillow-12.1.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990.
Summary IBM Maximo Application Suite - Monitor Component uses pillow-12.1.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3 which is vulnerable to CVE-2026-26007
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server...
CVE-2025-14684
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...
EUVD-2025-209038
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...
CVE-2025-14684
CVE-2025-14684 affects IBM Maximo Application Suite - Monitor Component. Root cause: improper neutralization of special elements when written to log files, enabling log forgery. Affected versions: Monitor Component 8.10, 8.11, 9.0, 9.1. Remediation/fixes: update to Monitor Component versions 8.10...
CVE-2025-14684 IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...