IBM Maximo Application Suite

29 matches found

added 2024/04/06 12:15 p.m. | 92 views

CVE-2024-22328

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.

CVSS 7.5 | AI score 7.3 | EPSS 0.00043

added 2022/05/03 7:15 p.m. | 81 views

CVE-2021-29854

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attack...

CVSS 7.2 | AI score 6.7 | EPSS 0.00057

added 2025/01/25 3:15 p.m. | 73 views

CVE-2024-35145

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

CVSS 6.1 | AI score 6.1 | EPSS 0.00078

added 2024/03/14 7:15 p.m. | 69 views

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.

CVSS 8.2 | AI score 8.1 | EPSS 0.0002

added 2023/03/02 9:15 p.m. | 67 views

CVE-2022-35645

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

CVSS 6.4 | AI score 5.3 | EPSS 0.00079

added 2023/01/09 8:15 a.m. | 59 views

CVE-2022-35281

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.

CVSS 8.8 | AI score 7 | EPSS 0.00136

added 2022/09/14 5:15 p.m. | 55 views

CVE-2021-38924

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163.

CVSS 7.5 | AI score 7 | EPSS 0.00053

added 2023/09/08 8:15 p.m. | 55 views

CVE-2023-32332

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force...

CVSS 5.4 | AI score 5.5 | EPSS 0.0005

added 2022/11/28 5:15 p.m. | 51 views

CVE-2022-41732

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.

CVSS 6.2 | AI score 5.3 | EPSS 0.00018

added 2024/06/13 2:15 p.m. | 51 views

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.

CVSS 3.3 | AI score 3.2 | EPSS 0.00022

added 2024/09/07 2:15 p.m. | 49 views

CVE-2024-37068

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

CVSS 7.5 | AI score 5.8 | EPSS 0.00043

added 2025/05/06 3:16 p.m. | 49 views

CVE-2025-2898

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.

CVSS 8.8 | AI score 7.4 | EPSS 0.00054

added 2023/02/17 6:15 p.m. | 45 views

CVE-2022-41734

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587.

CVSS 7.5 | AI score 5.8 | EPSS 0.00019

added 2025/01/25 3:15 p.m. | 45 views

CVE-2024-35148

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVSS 8.8 | AI score 6.7 | EPSS 0.00057

added 2025/01/25 3:15 p.m. | 44 views

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.

CVSS 5.3 | AI score 5.4 | EPSS 0.00042

added 2024/11/06 3:15 p.m. | 44 views

CVE-2024-35146

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...

CVSS 5.4 | AI score 5.3 | EPSS 0.00153

added 2023/02/24 3:15 p.m. | 41 views

CVE-2022-43923

IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.

CVSS 6.2 | AI score 5 | EPSS 0.00022

added 2025/04/10 2:15 p.m. | 40 views

CVE-2023-43037

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.

CVSS 6.5 | AI score 6.3 | EPSS 0.00062

added 2021/08/27 4:15 p.m. | 39 views

CVE-2021-29744

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694...

CVSS 5.4 | AI score 5.2 | EPSS 0.00215

added 2024/03/13 10:15 a.m. | 38 views

CVE-2023-38723

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192...

CVSS 6.4 | AI score 5.8 | EPSS 0.0005

added 2025/01/25 3:15 p.m. | 38 views

CVE-2024-35150

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.

CVSS 5.3 | AI score 5.2 | EPSS 0.00044

added 2024/10/24 6:15 p.m. | 38 views

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

CVSS 5.9 | AI score 5.5 | EPSS 0.0006

added 2021/08/30 5:15 p.m. | 37 views

CVE-2021-29743

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 6.4 | AI score 5.2 | EPSS 0.00204

added 2023/06/05 1:15 a.m. | 37 views

CVE-2023-27861

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.

CVSS 5.9 | AI score 5.4 | EPSS 0.00025

added 2023/06/05 1:15 a.m. | 34 views

CVE-2023-32334

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.

CVSS 5.3 | AI score 4.4 | EPSS 0.00076

added 2024/01/19 2:15 a.m. | 34 views

CVE-2023-32337

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

CVSS 5.4 | AI score 5.3 | EPSS 0.00042

added 2025/04/05 1:15 a.m. | 31 views

CVE-2025-1500

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.

CVSS 8 | AI score 6.6 | EPSS 0.00053

added 2024/01/19 2:15 a.m. | 27 views

CVE-2023-47718

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

CVSS 8.8 | AI score 8.3 | EPSS 0.00042

added 2024/03/13 10:15 a.m. | 24 views

CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.

CVSS 7.5 | AI score 3.6 | EPSS 0.00057