Skip to main content

Maximo Application Suite CVE-2024-38314

MEDIUM
Use of Hard-coded Cryptographic Key (CWE-321)
2024-10-24 psirt@us.ibm.com
5.9
CVSS 3.1 · Vendor: us
Share

Severity by source

Vendor (us) PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (us) · only source for this CVE.

CVSS VectorVendor: us

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 24, 2024 - 18:15 cve.org
MEDIUM 5.9

DescriptionCVE.org

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.

AnalysisAI

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-321. IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. Affected products include: Ibm Maximo Application Suite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-27266 HIGH
8.2 Mar 14

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML

CVE-2025-2898 HIGH
7.5 May 06

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a

CVE-2024-37068 HIGH
7.5 Sep 07

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms t

CVE-2024-22328 HIGH
7.5 Apr 06

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. Rated hi

CVE-2023-43037 MEDIUM
6.5 Apr 10

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to impro

CVE-2023-27861 MEDIUM
5.9 Jun 05

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could

CVE-2025-1500 MEDIUM
5.5 Apr 05

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be e

CVE-2022-41732 MEDIUM
5.5 Nov 28

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated mediu

CVE-2024-35146 MEDIUM
5.4 Nov 06

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. Rated

CVE-2023-32332 MEDIUM
5.4 Sep 08

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection

CVE-2021-29743 MEDIUM
5.4 Aug 30

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.

CVE-2021-29744 MEDIUM
5.4 Aug 27

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), thi

Share

CVE-2024-38314 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy