Lucene search
K
IbmMaximo Application Suite

32 matches found

CVE
CVE
added 2024/04/06 11:40 a.m.119 views

CVE-2024-22328

CVE-2024-22328 affects IBM Maximo Application Suite (MAS) Manage component in MAS 8.10 and 8.11. A remote attacker can perform path traversal by sending a URL with dot-dot sequences (/../) to view arbitrary files, leading to arbitrary file disclosure. Root cause: CWE-22 (path traversal). CVSS v3....

7.5CVSS7.3AI score0.00843EPSS
CVE
CVE
added 2022/05/03 6:20 p.m.92 views

CVE-2021-29854

CVE-2021-29854 affects IBM Maximo Asset Management core product versions 7.6.1.1 and 7.6.1.2, and the IBM Maximo Manage application in IBM Maximo Application Suite (MAS 8.7-Manage 8.3). Root cause is improper validation of input in HOST headers, enabling HTTP header injection via specially crafte...

7.2CVSS6.7AI score0.01063EPSS
CVE
CVE
added 2025/01/25 2:21 p.m.91 views

CVE-2024-35145

CVE-2024-35145 affects IBM Maximo Application Suite — Monitor Component (v9.0.0). The issue is a cross-site scripting vulnerability that lets an unauthenticated attacker embed JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause: insufficien...

6.1CVSS6.1AI score0.00248EPSS
CVE
CVE
added 2024/03/14 6:32 p.m.83 views

CVE-2024-27266

CVE-2024-27266 affects IBM Maximo Application Suite in the Maximo Asset Management/Manage component (example: MAS 7.6.1.3). The vulnerability is XML External Entity (XXE) processing, enabling a remote attacker to disclose sensitive data or consume memory resources. IBM and Red Hat/IBM bulletin re...

8.2CVSS8.1AI score0.00847EPSS
CVE
CVE
added 2023/03/02 8:14 p.m.81 views

CVE-2022-35645

The CVE-2022-35645 issue affects IBM Maximo Asset Management core products versions 7.6.1.1–7.6.1.3 and IBM Maximo Application Suite versions 8.8–8.9, with stored cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted s...

6.4CVSS5.3AI score0.00493EPSS
CVE
CVE
added 2022/09/14 4:20 p.m.72 views

CVE-2021-38924

Summary of CVE-2021-38924 (IBM Maximo Asset Management) : IBM Maximo Asset Management and the IBM Maximo Manage application in the Maximo Application Suite are affected by an information-disclosure vulnerability. A remote attacker could obtain sensitive information when a detailed technical error...

7.5CVSS7AI score0.00825EPSS
CVE
CVE
added 2023/01/06 4:50 p.m.69 views

CVE-2022-35281

CVE-2022-35281 affects IBM Maximo Asset Management versions 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Manage in IBM Maximo Application Suite versions 8.3 and 8.4. The issue is described as CSV injection vulnerability. The Red Hat and IBM bulletins confirm the affected product set and provide remed...

8.8CVSS7AI score0.00505EPSS
CVE
CVE
added 2023/09/08 7:55 p.m.68 views

CVE-2023-32332

CVE-2023-32332 affects IBM Maximo Application Suite (MAS) versions 8.9–8.10 and IBM Maximo Asset Management (MAM) 7.6.1.2–7.6.1.3, vulnerable to HTML injection that could allow a remote attacker to cause HTML/JS execution in the browser under the hosting site’s security context. The Red Hat/IBM a...

5.4CVSS5.5AI score0.00493EPSS
CVE
CVE
added 2022/11/28 4:30 p.m.66 views

CVE-2022-41732

IBM Maximo Mobile 8.7 and 8.8 are affected by CVE-2022-41732 due to storing user credentials in plaintext, enabling local reading of credentials. Affected products include IBM Maximo Mobile in the Maximo Application Suite (MAS) versions 8.7 and 8.8, and IBM Maximo Mobile for EAM in MAS 8.7 and 8....

6.2CVSS5.3AI score0.00166EPSS
CVE
CVE
added 2025/05/06 2:41 p.m.65 views

CVE-2025-2898

IBM Maximo Application Suite 9.0 contains an elevation-of-privilege vulnerability arising from misconfigured RBAC permissions in the Role-Based Access Control settings. The issue affects the Location Service for Esri Component (9.0) and can be exploited by an attacker with some level of access to...

8.8CVSS7.4AI score0.00279EPSS
CVE
CVE
added 2024/06/13 1:55 p.m.63 views

CVE-2024-22333

CVE-2024-22333 affects IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10–8.11. The vulnerability enables storing web pages locally on the system, which can be read by another user (information disclosure). The IBM advisories and Red Hat/RH-enriched sources confirm the affe...

3.3CVSS3.2AI score0.0018EPSS
CVE
CVE
added 2025/01/25 2:24 p.m.63 views

CVE-2024-35144

The CVE-2024-35144 case affects IBM Maximo Application Suite Monitor Component (versions 8.10, 8.11, 9.0). Description: the Monitor Component stores source code on the web server, creating potential disclosure of sensitive information (CWE-540). Impact is information disclosure that could aid fur...

5.3CVSS5.4AI score0.00295EPSS
CVE
CVE
added 2024/09/07 1:43 p.m.62 views

CVE-2024-37068

CVE-2024-37068 affects IBM Maximo Application Suite – Manage Component (MAS) versions 8.10, 8.11, and 9.0. The root cause is the use of weaker-than-expected cryptographic algorithms, enabling potential decryption of highly sensitive information via man-in-the-middle techniques. Impact is informat...

7.5CVSS5.8AI score0.00247EPSS
CVE
CVE
added 2025/01/25 2:28 p.m.58 views

CVE-2024-35148

Summary of CVE-2024-35148 : IBM Maximo Application Suite – Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected Monitor Component versions include 8.10.10, 8.11.7, an...

8.8CVSS6.7AI score0.00346EPSS
CVE
CVE
added 2023/02/17 5:38 p.m.57 views

CVE-2022-41734

CVE-2022-41734 affects IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 (and related MAS Manage components) where remote attackers can obtain sensitive information via detailed browser error messages, enabling information disclosure. The issue is a result of insufficient protection of sensitive da...

7.5CVSS5.8AI score0.00503EPSS
CVE
CVE
added 2023/02/24 2:13 p.m.56 views

CVE-2022-43923

CVE-2022-43923 affects IBM Maximo Application Suite, specifically the Maximo Manage component within MAS versions 8.8.0 and 8.9.0 , where potentially sensitive information could be readable by a local user (information disclosure). The Red Hat and IBM security bulletin corroborates the affected p...

6.2CVSS5AI score0.00189EPSS
CVE
CVE
added 2024/11/06 2:16 p.m.55 views

CVE-2024-35146

IBM Maximo Application Suite – Monitor Component (versions 8.10.11, 8.11.8, 9.0.0) is affected by a cross-site scripting (CSS) vulnerability in the Web UI that allows an unauthenticated attacker to inject arbitrary JavaScript, potentially leading to credential disclosure within a trusted session....

5.4CVSS5.3AI score0.00246EPSS
CVE
CVE
added 2024/03/13 9:16 a.m.54 views

CVE-2023-38723

IBM Maximo Application Suite (CVE-2023-38723) is reported as a stored cross-site scripting vulnerability affecting the Maximo Manage component. The IBM Security Bulletin lists affected MAS versions: MAS Manage 8.10.0–8.6.0 and MAS Manage 8.11.0–8.6.0, with fixed releases recommended as MAS 8.10.7...

6.4CVSS5.8AI score0.00315EPSS
CVE
CVE
added 2021/08/27 3:20 p.m.53 views

CVE-2021-29744

IBM Maximo Asset Management 7.6.0.x and 7.6.1.x are affected by a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript, potentially leading to credential disclosure in a trusted session. The issue is documented with CVE-2021-29744 and has a CVSS v3.1 ba...

5.4CVSS5.2AI score0.00495EPSS
CVE
CVE
added 2023/06/05 12:23 a.m.53 views

CVE-2023-27861

CVE-2023-27861 affects IBM Maximo Application Suite – Manage Component versions 8.8.0 and 8.9.0, where sensitive information is transmitted in cleartext, enabling potential disclosure via man-in-the-middle. Root cause: insecure communication in the Manage component. Impact per sources: informatio...

5.9CVSS5.4AI score0.00338EPSS
CVE
CVE
added 2023/06/05 12:44 a.m.53 views

CVE-2023-32334

Summary. CVE-2023-32334 affects IBM Maximo Asset Management 7.6.1.2–7.6.1.3 and IBM Maximo Application Suite (MAS) 8.8.0. The root cause is storing sensitive information in URL parameters, which can disclose data if URLs are exposed in server logs, referrer headers, or browser history. Impact. In...

5.3CVSS4.4AI score0.00642EPSS
CVE
CVE
added 2025/04/10 1:19 p.m.53 views

CVE-2023-43037

CVE-2023-43037 affects IBM Maximo Application Suite versions 8.11 and 9.0. The root cause is improper input validation, allowing an authenticated user to perform unauthorized actions. According to IBM and multiple feeds, the vulnerability has a CVSS v3.1 base score of 6.5 (Medium) with privileges...

6.5CVSS6.3AI score0.0029EPSS
CVE
CVE
added 2025/01/25 2:31 p.m.51 views

CVE-2024-35150

CVE-2024-35150 affects IBM Maximo Application Suite Monitor Component (versions 8.10.12, 8.11.0, 9.0.1, 9.1.0). The vulnerability arises because the Monitor Component does not properly neutralize output written to logs, enabling log forging through injection of false log entries. IBM’s bulletin (...

5.3CVSS5.2AI score0.00273EPSS
CVE
CVE
added 2024/01/19 1:17 a.m.50 views

CVE-2023-32337

CVE-2023-32337: IBM Maximo Spatial Asset Management is affected by a server-side request forgery (SSRF). IBM and Red Hat advisories confirm the vulnerability and list affected variants, including IBM Maximo Spatial Asset Management 7.6.1.0 and 7.6.1.1. The issue allows an authenticated attacker t...

5.4CVSS5.3AI score0.00281EPSS
CVE
CVE
added 2024/10/24 5:23 p.m.49 views

CVE-2024-38314

CVE-2024-38314 affects IBM Maximo Application Suite - Monitor Component (versions 8.10, 8.11, 9.0). The root cause is a hard-coded cryptographic key that could disclose secret information to an attacker in a compromised environment, leading to information disclosure. IBM’s advisory lists remediat...

5.9CVSS5.5AI score0.00306EPSS
CVE
CVE
added 2025/04/05 12:28 a.m.49 views

CVE-2025-1500

CVE-2025-1500 affects IBM Maximo Application Suite 9.0 and involves an Unrestricted File Upload vulnerability (CWE-434) that could let an authenticated user upload a file with dangerous types, potentially executable by another user. IBM’s security bulletin states the impact is limited to controll...

8CVSS6.6AI score0.00242EPSS
CVE
CVE
added 2021/08/30 5:0 p.m.47 views

CVE-2021-29743

CVE-2021-29743 concerns IBM Maximo Asset Management core products: 7.6.0.x and 7.6.1.x, affected by a stored cross‑site scripting vulnerability in the web UI that could allow an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM Security...

6.4CVSS5.2AI score0.00495EPSS
CVE
CVE
added 2024/03/13 9:23 a.m.39 views

CVE-2023-32335

Summary: CVE-2023-32335 affects IBM Maximo Application Suite and IBM Maximo Asset Management. Affected versions: MAS 8.10–8.11 and IBM Maximo Asset Management 7.6.1.3. Root cause / impact: The vulnerable components store sensitive information in URL parameters, enabling information disclosure if ...

7.5CVSS3.6AI score0.00503EPSS
CVE
CVE
added 2024/01/19 1:14 a.m.39 views

CVE-2023-47718

CVE-2023-47718 affects IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10–8.11, with a cross-site request forgery (CSRF) flaw that could allow an attacker to perform authenticated actions on behalf of a trusted user. The issue is caused by CSRF token handling in IBM Maximo Manage/Asset...

8.8CVSS8.3AI score0.00295EPSS
CVE
CVE
added 2025/10/28 3:56 p.m.26 views

CVE-2025-36386

CVE-2025-36386 affects IBM Maximo Application Suite: MAS Manage component versions 9.0.0–9.0.15 and 9.1.0–9.1.4, where a flaw in MXCSP integration with Cognos Analytics allows a remote attacker to bypass authentication and gain full access. The vulnerability is linked to authentication bypass by ...

9.8CVSS6.6AI score0.00528EPSS
CVE
CVE
added 2026/04/01 8:54 p.m.11 views

CVE-2026-4820

CVE-2026-4820 affects IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10, where authorization tokens or session cookies are not marked with the Secure attribute. This can allow an unauthenticated attacker to steal cookie values by directing users to an http link and monitoring traffic, enablin...

4.3CVSS5.8AI score0.00118EPSS
CVE
CVE
added 2026/03/25 9:22 p.m.9 views

CVE-2025-14684

CVE-2025-14684 affects IBM Maximo Application Suite - Monitor Component. Root cause: improper neutralization of special elements when written to log files, enabling log forgery. Affected versions: Monitor Component 8.10, 8.11, 9.0, 9.1. Remediation/fixes: update to Monitor Component versions 8.10...

4CVSS5.8AI score0.00135EPSS