Maximo Application Suite Security Vulnerabilities and Issues — Maximo Application Suite CVE List

Lucene search

IbmMaximo Application Suite

9 matches found

CVE•added 2023/09/08 8:15 p.m.•55 views

CVE-2023-32332

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force...

5.4CVSS5.5AI score0.0005EPSS

CVE•added 2025/01/25 3:15 p.m.•44 views

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.

5.3CVSS5.4AI score0.00042EPSS

CVE•added 2024/11/06 3:15 p.m.•44 views

CVE-2024-35146

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...

5.4CVSS5.3AI score0.00237EPSS

CVE•added 2021/08/27 4:15 p.m.•39 views

CVE-2021-29744

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694...

5.4CVSS5.2AI score0.00215EPSS

CVE•added 2025/01/25 3:15 p.m.•38 views

CVE-2024-35150

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.

5.3CVSS5.2AI score0.00044EPSS

CVE•added 2024/10/24 6:15 p.m.•38 views

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

5.9CVSS5.5AI score0.0006EPSS

CVE•added 2023/06/05 1:15 a.m.•37 views

CVE-2023-27861

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.

5.9CVSS5.4AI score0.00025EPSS

CVE•added 2023/06/05 1:15 a.m.•34 views

CVE-2023-32334

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.

5.3CVSS4.4AI score0.00076EPSS

CVE•added 2024/01/19 2:15 a.m.•34 views

CVE-2023-32337

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

5.4CVSS5.3AI score0.00042EPSS