32 matches found
CVE-2024-22328
CVE-2024-22328 affects IBM Maximo Application Suite (MAS) Manage component in MAS 8.10 and 8.11. A remote attacker can perform path traversal by sending a URL with dot-dot sequences (/../) to view arbitrary files, leading to arbitrary file disclosure. Root cause: CWE-22 (path traversal). CVSS v3....
CVE-2021-29854
CVE-2021-29854 affects IBM Maximo Asset Management core product versions 7.6.1.1 and 7.6.1.2, and the IBM Maximo Manage application in IBM Maximo Application Suite (MAS 8.7-Manage 8.3). Root cause is improper validation of input in HOST headers, enabling HTTP header injection via specially crafte...
CVE-2024-35145
CVE-2024-35145 affects IBM Maximo Application Suite — Monitor Component (v9.0.0). The issue is a cross-site scripting vulnerability that lets an unauthenticated attacker embed JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: insufficien...
CVE-2024-27266
CVE-2024-27266 affects IBM Maximo Application Suite in the Maximo Asset Management/Manage component (example: MAS 7.6.1.3). The vulnerability is XML External Entity (XXE) processing, enabling a remote attacker to disclose sensitive data or consume memory resources. IBM and Red Hat/IBM bulletin re...
CVE-2022-35645
The CVE-2022-35645 issue affects IBM Maximo Asset Management core products versions 7.6.1.1–7.6.1.3 and IBM Maximo Application Suite versions 8.8–8.9, with stored cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted s...
CVE-2021-38924
Summary of CVE-2021-38924 (IBM Maximo Asset Management) : IBM Maximo Asset Management and the IBM Maximo Manage application in the Maximo Application Suite are affected by an information-disclosure vulnerability. A remote attacker could obtain sensitive information when a detailed technical error...
CVE-2022-35281
CVE-2022-35281 affects IBM Maximo Asset Management versions 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Manage in IBM Maximo Application Suite versions 8.3 and 8.4. The issue is described as CSV injection vulnerability. The Red Hat and IBM bulletins confirm the affected product set and provide remed...
CVE-2023-32332
CVE-2023-32332 affects IBM Maximo Application Suite (MAS) versions 8.9–8.10 and IBM Maximo Asset Management (MAM) 7.6.1.2–7.6.1.3, vulnerable to HTML injection that could allow a remote attacker to cause HTML/JS execution in the browser under the hosting site’s security context. The Red Hat/IBM a...
CVE-2022-41732
IBM Maximo Mobile 8.7 and 8.8 are affected by CVE-2022-41732 due to storing user credentials in plaintext, enabling local reading of credentials. Affected products include IBM Maximo Mobile in the Maximo Application Suite (MAS) versions 8.7 and 8.8, and IBM Maximo Mobile for EAM in MAS 8.7 and 8....
CVE-2025-2898
IBM Maximo Application Suite 9.0 contains an elevation-of-privilege vulnerability arising from misconfigured RBAC permissions in the Role-Based Access Control settings. The issue affects the Location Service for Esri Component (9.0) and can be exploited by an attacker with some level of access to...
CVE-2024-22333
CVE-2024-22333 affects IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10–8.11. The vulnerability enables storing web pages locally on the system, which can be read by another user (information disclosure). The IBM advisories and Red Hat/RH-enriched sources confirm the affe...
CVE-2024-35144
The CVE-2024-35144 case affects IBM Maximo Application Suite Monitor Component (versions 8.10, 8.11, 9.0). Description: the Monitor Component stores source code on the web server, creating potential disclosure of sensitive information (CWE-540). Impact is information disclosure that could aid fur...
CVE-2024-37068
CVE-2024-37068 affects IBM Maximo Application Suite – Manage Component (MAS) versions 8.10, 8.11, and 9.0. The root cause is the use of weaker-than-expected cryptographic algorithms, enabling potential decryption of highly sensitive information via man-in-the-middle techniques. Impact is informat...
CVE-2024-35148
Summary of CVE-2024-35148 : IBM Maximo Application Suite – Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected Monitor Component versions include 8.10.10, 8.11.7, an...
CVE-2022-41734
CVE-2022-41734 affects IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 (and related MAS Manage components) where remote attackers can obtain sensitive information via detailed browser error messages, enabling information disclosure. The issue is a result of insufficient protection of sensitive da...
CVE-2022-43923
CVE-2022-43923 affects IBM Maximo Application Suite, specifically the Maximo Manage component within MAS versions 8.8.0 and 8.9.0 , where potentially sensitive information could be readable by a local user (information disclosure). The Red Hat and IBM security bulletin corroborates the affected p...
CVE-2024-35146
IBM Maximo Application Suite – Monitor Component (versions 8.10.11, 8.11.8, 9.0.0) is affected by a cross-site scripting (CSS) vulnerability in the Web UI that allows an unauthenticated attacker to inject arbitrary JavaScript, potentially leading to credential disclosure within a trusted session....
CVE-2023-38723
IBM Maximo Application Suite (CVE-2023-38723) is reported as a stored cross-site scripting vulnerability affecting the Maximo Manage component. The IBM Security Bulletin lists affected MAS versions: MAS Manage 8.10.0–8.6.0 and MAS Manage 8.11.0–8.6.0, with fixed releases recommended as MAS 8.10.7...
CVE-2021-29744
IBM Maximo Asset Management 7.6.0.x and 7.6.1.x are affected by a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credential disclosure in a trusted session. The issue is documented with CVE-2021-29744 and has a CVSS v3.1 ba...
CVE-2023-27861
CVE-2023-27861 affects IBM Maximo Application Suite – Manage Component versions 8.8.0 and 8.9.0, where sensitive information is transmitted in cleartext, enabling potential disclosure via man-in-the-middle. Root cause: insecure communication in the Manage component. Impact per sources: informatio...
CVE-2023-32334
Summary. CVE-2023-32334 affects IBM Maximo Asset Management 7.6.1.2–7.6.1.3 and IBM Maximo Application Suite (MAS) 8.8.0. The root cause is storing sensitive information in URL parameters, which can disclose data if URLs are exposed in server logs, referrer headers, or browser history. Impact. In...
CVE-2023-43037
CVE-2023-43037 affects IBM Maximo Application Suite versions 8.11 and 9.0. The root cause is improper input validation, allowing an authenticated user to perform unauthorized actions. According to IBM and multiple feeds, the vulnerability has a CVSS v3.1 base score of 6.5 (Medium) with privileges...
CVE-2024-35150
CVE-2024-35150 affects IBM Maximo Application Suite Monitor Component (versions 8.10.12, 8.11.0, 9.0.1, 9.1.0). The vulnerability arises because the Monitor Component does not properly neutralize output written to logs, enabling log forging through injection of false log entries. IBM’s bulletin (...
CVE-2023-32337
CVE-2023-32337: IBM Maximo Spatial Asset Management is affected by a server-side request forgery (SSRF). IBM and Red Hat advisories confirm the vulnerability and list affected variants, including IBM Maximo Spatial Asset Management 7.6.1.0 and 7.6.1.1. The issue allows an authenticated attacker t...
CVE-2024-38314
CVE-2024-38314 affects IBM Maximo Application Suite - Monitor Component (versions 8.10, 8.11, 9.0). The root cause is a hard-coded cryptographic key that could disclose secret information to an attacker in a compromised environment, leading to information disclosure. IBM’s advisory lists remediat...
CVE-2025-1500
CVE-2025-1500 affects IBM Maximo Application Suite 9.0 and involves an Unrestricted File Upload vulnerability (CWE-434) that could let an authenticated user upload a file with dangerous types, potentially executable by another user. IBM’s security bulletin states the impact is limited to controll...
CVE-2021-29743
CVE-2021-29743 concerns IBM Maximo Asset Management core products: 7.6.0.x and 7.6.1.x, affected by a stored cross‑site scripting vulnerability in the web UI that could allow an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM Security...
CVE-2023-32335
Summary: CVE-2023-32335 affects IBM Maximo Application Suite and IBM Maximo Asset Management. Affected versions: MAS 8.10–8.11 and IBM Maximo Asset Management 7.6.1.3. Root cause / impact: The vulnerable components store sensitive information in URL parameters, enabling information disclosure if ...
CVE-2023-47718
CVE-2023-47718 affects IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10–8.11, with a cross-site request forgery (CSRF) flaw that could allow an attacker to perform authenticated actions on behalf of a trusted user. The issue is caused by CSRF token handling in IBM Maximo Manage/Asset...
CVE-2025-36386
CVE-2025-36386 affects IBM Maximo Application Suite: MAS Manage component versions 9.0.0–9.0.15 and 9.1.0–9.1.4, where a flaw in MXCSP integration with Cognos Analytics allows a remote attacker to bypass authentication and gain full access. The vulnerability is linked to authentication bypass by ...
CVE-2026-4820
CVE-2026-4820 affects IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10, where authorization tokens or session cookies are not marked with the Secure attribute. This can allow an unauthenticated attacker to steal cookie values by directing users to an http link and monitoring traffic, enablin...
CVE-2025-14684
CVE-2025-14684 affects IBM Maximo Application Suite - Monitor Component. Root cause: improper neutralization of special elements when written to log files, enabling log forgery. Affected versions: Monitor Component 8.10, 8.11, 9.0, 9.1. Remediation/fixes: update to Monitor Component versions 8.10...