
2897 matches found

IBM Security Bulletins
added 2025/05/06 8:1 a.m. · 16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients...

6.3 CVSS · 7 AI score · 0.02357 EPSS
Exploits: 0 · Affected Software: 1
CNNVD
added 2025/05/06 12:0 a.m. · 2 views

IBM Maximo Application Suite Security Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. An elevation of privilege vulnerability exists in IBM Maximo Application Suite, which stems from...

8.8 CVSS · 6.6 AI score · 0.00279 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/06 12:0 a.m. · 5 views

PT-2025-19898 · Ibm · Ibm Maximo Application Suite

Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite version 9.0 Description: The issue is related to a security configuration vulnerability in Role-Based Access Control RBAC configurations, which could allow an attacker with some level of access to elevate their...

8.8 CVSS · 6 AI score · 0.00279 EPSS
Exploits: 0 · References: 6
IBM Security Bulletins
added 2025/05/05 6:33 a.m. · 27 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-context-6.1.11.jar CVE-2024-38820

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-context-6.1.11.jar CVE-2024-38820. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weaker...

5.3 CVSS · 6.3 AI score · 0.00631 EPSS
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/05/05 6:32 a.m. · 21 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to a possible denial-of-service for Python-idna CVE-2024-3651

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to a possible denial-of-service for Python-idna CVE-2024-3651. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to...

7.5 CVSS · 6.5 AI score · 0.0107 EPSS
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/05/03 2:4 a.m. · 13 views

Security Bulletin: IBM Maximo Application Suite - MVI Component component uses freetype which is vulnerable to this CVE-2025-27363

Summary Security Bulletin: IBM Maximo Application Suite - MVI Component component uses freetype which is vulnerable to this CVE-2025-27363 Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not...

8.1 CVSS · 8.7 AI score · 0.23357 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2025/05/01 10:29 a.m. · 13 views

Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload (CVE-2024-45088)

Summary IBM Maximo Asset Management is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.4 CVSS · 6.1 AI score · 0.00227 EPSS
Exploits: 0 · Affected Software: 1
CNVD
added 2025/04/30 12:0 a.m. · 5 views

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2025-09283)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

5.5 CVSS · 6.2 AI score · 0.0018 EPSS
Exploits: 0 · References: 1
IBM Security Bulletins
added 2025/04/28 1:59 p.m. · 9 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Jinja is an extensible templating engine. Jinja sandboxed environment interacts with the attr filter allows an attacker to attack.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Jinja is an extensible templating engine. Jinja sandboxed environment interacts with the attr filter allows an attacker to attack. This bulletin contains information regarding the vulnerability and its fixture...

8.8 CVSS · 6.2 AI score · 0.00465 EPSS
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/04/27 12:5 p.m. · 19 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5 CVSS · 6.3 AI score · 0.0018 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/26 5:35 a.m. · 8 views

CVE-2025-2987

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4 CVSS · 6.6 AI score · 0.00178 EPSS
Exploits: 0 · References: 1
IBM Security Bulletins
added 2025/04/25 8:26 p.m. · 23 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to Server-Side Request Forgery (SSRF) + Information Disclosure (CVE-2025-2987)

Summary IBM Maximo Asset Management is vulnerable to Server-Side Request Forgery SSRF + Information Disclosure. Vulnerability Details CVEID:CVE-2025-2987 DESCRIPTION: IBM Maximo Asset Management is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

5.4 CVSS · 6.2 AI score · 0.00178 EPSS
Exploits: 0 · Affected Software: 11
IBM Security Bulletins
added 2025/04/25 8:25 p.m. · 22 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2025-2986)

Summary IBM Maximo Asset Management is vulnerable to cross-site scripting which could allow a privileged user to embed arbitrary JavaScript code in the Web UI CVE-2025-2986. Vulnerability Details CVEID:CVE-2025-2986 DESCRIPTION: IBM Maximo Asset Management is vulnerable to stored cross-site...

5.5 CVSS · 5.6 AI score · 0.0018 EPSS
Exploits: 0 · Affected Software: 11
OSV
added 2025/04/25 12:15 p.m. · 1 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits: 0 · References: 1
NVD
added 2025/04/25 12:15 p.m. · 30 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5 CVSS · 0.0018 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/04/25 11:7 a.m. · 28 views

CVE-2025-2986 IBM Maximo Asset Management cross-site scripting

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5 CVSS · 0.0018 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/25 11:7 a.m. · 10 views

CVE-2025-2986 IBM Maximo Asset Management cross-site scripting

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5 CVSS · 5.2 AI score · 0.0018 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/25 11:7 a.m. · 65 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting due to insufficient filtering/escaping of user-supplied data in the Web UI, enabling a privileged user to embed arbitrary JavaScript and potentially causing credential disclosure within a trusted session. Affected pr...

5.5 CVSS · 5.2 AI score · 0.0018 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
IBM Security Bulletins
added 2025/04/25 6:58 a.m. · 15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (WebSphere Application Server traditional is vulnerable to SSRF)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

6.8 AI score
Exploits: 0 · Affected Software: 11
IBM Security Bulletins
added 2025/04/25 6:55 a.m. · 22 views

Security Bulletin: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-12797)

Summary There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server...

6.3 CVSS · 6.5 AI score · 0.02357 EPSS
Exploits: 0 · Affected Software: 1