Maximo Application Suite Security Vulnerabilities and Issues — Maximo Application Suite CVE List

Lucene search

IbmMaximo Application Suite

10 matches found

CVE•added 2024/04/06 12:15 p.m.•92 views

CVE-2024-22328

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.

7.5CVSS7.3AI score0.00043EPSS

CVE•added 2024/03/14 7:15 p.m.•69 views

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.

8.2CVSS8.1AI score0.00026EPSS

CVE•added 2024/06/13 2:15 p.m.•51 views

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.

3.3CVSS3.2AI score0.00022EPSS

CVE•added 2024/09/07 2:15 p.m.•49 views

CVE-2024-37068

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

7.5CVSS5.8AI score0.00043EPSS

CVE•added 2024/11/06 3:15 p.m.•44 views

CVE-2024-35146

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...

5.4CVSS5.3AI score0.00263EPSS

CVE•added 2024/03/13 10:15 a.m.•38 views

CVE-2023-38723

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192...

6.4CVSS5.8AI score0.00068EPSS

CVE•added 2024/10/24 6:15 p.m.•38 views

CVE-2024-38314

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

5.9CVSS5.5AI score0.0006EPSS

CVE•added 2024/01/19 2:15 a.m.•34 views

CVE-2023-32337

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

5.4CVSS5.3AI score0.00042EPSS

CVE•added 2024/01/19 2:15 a.m.•27 views

CVE-2023-47718

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

8.8CVSS8.3AI score0.00042EPSS

CVE•added 2024/03/13 10:15 a.m.•24 views

CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.

7.5CVSS3.6AI score0.00077EPSS