Skip to main content

Maximo Application Suite CVE-2023-43037

MEDIUM
Improper Input Validation (CWE-20)
2025-04-10 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:36 vuln.today
CVE Published
Apr 10, 2025 - 14:15 nvd
MEDIUM 6.5

DescriptionCVE.org

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.

AnalysisAI

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. Affected products include: Ibm Maximo Application Suite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-27266 HIGH
8.2 Mar 14

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML

CVE-2025-2898 HIGH
7.5 May 06

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a

CVE-2024-37068 HIGH
7.5 Sep 07

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms t

CVE-2024-22328 HIGH
7.5 Apr 06

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. Rated hi

CVE-2024-38314 MEDIUM
5.9 Oct 24

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-

CVE-2023-27861 MEDIUM
5.9 Jun 05

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could

CVE-2025-1500 MEDIUM
5.5 Apr 05

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be e

CVE-2022-41732 MEDIUM
5.5 Nov 28

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated mediu

CVE-2024-35146 MEDIUM
5.4 Nov 06

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. Rated

CVE-2023-32332 MEDIUM
5.4 Sep 08

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection

CVE-2021-29743 MEDIUM
5.4 Aug 30

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.

CVE-2021-29744 MEDIUM
5.4 Aug 27

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), thi

Share

CVE-2023-43037 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy