2897 matches found

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp i...

CVSS 7.5 | AI score 6.7 | EPSS 0.00932
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 22 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818.

Summary IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is...

CVSS 7.5 | AI score 7.4 | EPSS 0.01414
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 26 views

Security Bulletin: There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-31141)

Summary There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused by a...

CVSS 6.5 | AI score 6.4 | EPSS 0.01129
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 15 views

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-40094)

Summary There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

CVSS 5.3 | AI score 6.7 | EPSS 0.00943
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 18 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 (Medium) detected in netty-common-4.1.114.Final.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-47535

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 Medium detected in netty-common-4.1.114.Final.jar Publicly disclosed vulnerability found by Mend CVE-2024-47535. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 5.5 | AI score 6.2 | EPSS 0.00408
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 11 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-5206 (Medium) detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206

Summary IBM Maximo Application Suite Predict Component uses CVE-2024-5206 Medium detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

CVSS 4.7 | AI score 5.9 | EPSS 0.00187
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 12 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx_10_9_universal2.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52304

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx_10_9_universal2.whl Publicly disclosed vulnerability found by Mend CVE-2024-52304. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 7.5 | AI score 6.4 | EPSS 0.00571
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 11 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52303

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Publicly disclosed vulnerability found by Mend CVE-2024-52303. This bulletin contains information regarding the vulnerability and its...

CVSS 8.7 | AI score 6.5 | EPSS 0.00563
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. | 12 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254. This bulletin contains information regarding the vulnerability and its...

CVSS 8.7 | AI score 6.5 | EPSS 0.0279
Exploits: 0 | Affected Software: 1

OSV
added 2025/01/25 3:15 p.m. | 2 views

CVE-2024-35150

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries...

CVSS 5.3 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 1

OSV
added 2025/01/25 3:15 p.m. | 2 views

CVE-2024-35148

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...

CVSS 8.8 | AI score 5.9 | EPSS 0.00331
Exploits: 0 | References: 1

OSV
added 2025/01/25 3:15 p.m. | 1 views

CVE-2024-35145

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.1 | AI score 5.4 | EPSS 0.00238
Exploits: 0 | References: 1

NVD
added 2025/01/25 3:15 p.m. | 11 views

CVE-2024-35145

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.1 | EPSS 0.00238
Exploits: 0 | References: 1

NVD
added 2025/01/25 3:15 p.m. | 15 views

CVE-2024-35148

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...

CVSS 8.8 | EPSS 0.00331
Exploits: 0 | References: 1

NVD
added 2025/01/25 3:15 p.m. | 10 views

CVE-2024-35150

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries...

CVSS 5.3 | EPSS 0.00262
Exploits: 0 | References: 1

OSV
added 2025/01/25 3:15 p.m. | 1 views

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 1

NVD
added 2025/01/25 3:15 p.m. | 9 views

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | EPSS 0.00283
Exploits: 0 | References: 1

Cvelist
added 2025/01/25 2:31 p.m. | 17 views

CVE-2024-35150 IBM Maximo Application Suite log manipulation

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries...

CVSS 5.3 | EPSS 0.00262
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/25 2:31 p.m. | 12 views

CVE-2024-35150 IBM Maximo Application Suite log manipulation

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries...

CVSS 5.3 | AI score 5.2 | EPSS 0.00262
Exploits: 0 | References: 1

CVE
added 2025/01/25 2:31 p.m. | 46 views

CVE-2024-35150

CVE-2024-35150 affects IBM Maximo Application Suite Monitor Component (versions 8.10.12, 8.11.0, 9.0.1, 9.1.0). The vulnerability arises because the Monitor Component does not properly neutralize output written to logs, enabling log forging through injection of false log entries. IBM’s bulletin (...

CVSS 5.3 | AI score 5.2 | EPSS 0.00262
Exploits: 0 | References: 1 | Affected Software: 1