2897 matches found

RedhatCVE
added 2025/05/23 3:46 a.m. | 13 views

CVE-2023-32334

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074...

CVSS 5.3 | AI score 5.9 | EPSS 0.00642
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:50 a.m. | 2 views

CVE-2023-32332

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-For...

CVSS 5.4 | AI score 6.5 | EPSS 0.00493
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:13 a.m. | 5 views

CVE-2023-47718

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843...

CVSS 8.8 | AI score 6.7 | EPSS 0.00295
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:7 a.m. | 6 views

CVE-2022-46774

IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953...

CVSS 6.5 | AI score 6.3 | EPSS 0.00334
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:57 a.m. | 7 views

CVE-2022-43923

IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584...

CVSS 6.2 | AI score 5.7 | EPSS 0.00189
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:37 a.m. | 3 views

CVE-2022-41734

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587...

CVSS 7.5 | AI score 5.9 | EPSS 0.00503
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 11:50 p.m. | 6 views

CVE-2022-41732

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407...

CVSS 6.2 | AI score 6.1 | EPSS 0.00166
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 9:44 p.m. | 3 views

CVE-2022-43866

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 5.4 | AI score 6 | EPSS 0.00371
Exploits 0 | References 1

IBM Security Bulletins
added 2025/05/20 11:48 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies. This bulletin contains information regarding the vulnerability...

CVSS 9.1 | AI score 6.5 | EPSS 0.00522
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/16 12:1 p.m. | 6 views

Security Bulletin: There is a vulnerability in WebSphere Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-47535)

Summary There is a vulnerability in WebSphere Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

CVSS 5.5 | AI score 5.4 | EPSS 0.00408
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/05/16 11:59 a.m. | 22 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to Apache poi-ooxml-3.9-20121203 in BIRT (CVE-2016-5000, CVE-2017-12626, CVE-2017-5644, CVE-2019-12415, CVE-2022-26336)

Summary IBM Maximo Asset Management is vulnerable to Apache poi-ooxml-3.9-20121203 in BIRT Vulnerability Details CVEID:CVE-2016-5000 DESCRIPTION: The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external...

CVSS 7.5 | AI score 7.1 | EPSS 0.10248
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2025/05/16 10:33 a.m. | 10 views

Security Bulletin: There is a vulnerability in netty-common-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-25193)

Summary There is a vulnerability in netty-common-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00357
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/14 12:8 p.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly...

CVSS 7.5 | AI score 6.4 | EPSS 0.00687
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/14 8:39 a.m. | 14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.5-py3-none-any.whl CVE-2025-27516

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.5-py3-none-any.whl CVE-2025-27516. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prio...

CVSS 8.8 | AI score 7.2 | EPSS 0.00465
Exploits 0 | Affected Software 1

CNVD
added 2025/05/14 12:0 a.m. | 3 views

IBM Maximo Application Suite Elevation of Privilege Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An elevation of privilege vulnerability exists in IBM Maximo Application Suite, which stems from...

CVSS 8.8 | AI score 7 | EPSS 0.00279
Exploits 0 | References 1

IBM Security Bulletins
added 2025/05/13 7:55 a.m. | 23 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2024-12720

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2024-12720. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-12720 DESCRIPTION: A Regular Expression Denial of Service...

CVSS 8.8 | AI score 7.7 | EPSS 0.06898
Exploits 6 | Affected Software 1

IBM Security Bulletins
added 2025/05/13 7:38 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.17-py3-none-any.whl CVE-2024-56374

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.17-py3-none-any.whl CVE-2024-56374. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56374 DESCRIPTION: An issue was discovered in Django 5.1 before...

CVSS 7.5 | AI score 6.9 | EPSS 0.01854
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/13 7:22 a.m. | 19 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.117.Final.jar CVE-2025-25193

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.117.Final.jar CVE-2025-25193. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network...

CVSS 5.5 | AI score 6.9 | EPSS 0.00357
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/13 7:21 a.m. | 4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly...

CVSS 7.5 | AI score 6.9 | EPSS 0.00687
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/05/13 7:17 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-handler-4.1.117.Final.jar CVE-2025-24970

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to netty-handler-4.1.117.Final.jar CVE-2025-24970. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network...

CVSS 7.5 | AI score 7.1 | EPSS 0.01966
Exploits 1 | Affected Software 1