20 matches found
Security Bulletin: There is a vulnerability in uuid-9.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41988)
Summary There is a vulnerability in uuid-9.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6...
Security Bulletin: There is a vulnerability in requests-2.32.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-25645)
Summary There is a vulnerability in requests-2.32.5-py3-none-any.whlused by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility...
CVE-2026-4820
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
EUVD-2026-18068
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
Security Bulletin: There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21441)
Summary There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient...
Security Bulletin: IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410
Summary IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "bcpkix-jdk18on-1.78.1.jar, golang.org/x/net/html v0.26.0 v0.33.0 , java 17.0.13 11.0.25, github.com/docker/docker v27.3.1 v25.0.6, github.com/go-viper/mapstructure/v2, golang.org/x/net/proxy v0.33.0,github.com/ulikunitz/xz v0.5.11 " which are vulnerable ...
Security Bulletin: WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.js
Summary WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.jsCVE-2020-36732 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "serve-static-1.15.0.tgz, cookie-0.6.0.tgz, send-0.18.0.tgz, express-4.19.2.tgz, requests v2.25.1, idna v2.1" which are vulnerable to "CVE-2024-43800, CVE-2024-47764, CVE-2024-43799, CVE-2024-43796, CVE-2023-32681, CVE-2024-35195, CVE-2024-3651". This...
Security Bulletin: There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics
Summary There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite, when used with stand alone Cognos Analytics, where MXCSP is used for integration. A remote attacker could bypass authentication mechanisms and gain unauthorized access to Cognos Analytics...
CVE-2025-36386
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...
Security Bulletin: There is a vulnerability in urllib3-2.4.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-50181,CVE-2025-50182)
Summary There is a vulnerability in urllib3-2.4.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to http-proxy-middleware-2.0.7.tgz CVE-2025-32997
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to http-proxy-middleware-2.0.7.tgz CVE-2025-32997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-32997 DESCRIPTION: In http-proxy-middleware before 2.0.9 and 3....
CVE-2023-32332
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-For...
CVE-2023-43037
IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation...
CVE-2024-35144
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...
CVE-2024-35145 IBM Maximo Application Suite cross-site scripting
IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2023-32332 IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-For...
PT-2023-21380 · Ibm · Ibm Maximo Application Suite
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite - Manage Component versions 8.8.0 through 8.9.0 Description: The issue concerns the transmission of sensitive information in cleartext, which could be intercepted by an attacker using man-in-the-middle techniques...