Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.
AnalysisAI
IBM Maximo Application Suite Monitor Component versions 8.10, 8.11, 9.0, and 9.1 contain an improper neutralization vulnerability in log file handling that allows unauthorized users to inject arbitrary data into log messages. An attacker with local access can manipulate log entries to inject malicious content, potentially leading to log tampering and integrity compromise. While the CVSS score of 4.0 reflects low severity with no confidentiality or availability impact, the vulnerability requires no authentication or special privileges, making it a concern for environments with local access controls.
Technical ContextAI
This vulnerability (CWE-117: Improper Neutralization of Input During Web Page Generation or Log Entry) stems from inadequate input sanitization when writing data to log files in the Monitor component of Maximo Application Suite. The affected products span versions 8.10 through 9.1 as indicated by the CPE (cpe:2.3:a:ibm:maximo_application_suite_-_monitor_component). CWE-117 specifically addresses cases where special characters or control sequences are not properly escaped before being written to logs, allowing attackers to inject log entries that appear legitimate or inject control sequences to manipulate log file parsing. This is distinct from log injection in web applications but follows similar principles where unvalidated user input flows directly into log output streams without proper encoding or filtering.
RemediationAI
Apply the security patch provided by IBM for Maximo Application Suite Monitor Component via the vendor advisory at https://www.ibm.com/support/pages/node/7267481. Affected users should upgrade to the patched version applicable to their deployment (versions 8.10, 8.11, 9.0, or 9.1). Until patches can be deployed, restrict local access to systems running Maximo Monitor component to authorized personnel only, enforce strong access controls on the underlying operating system, and monitor log files for suspicious injection attempts such as control characters or unexpected entries. Additionally, implement centralized log aggregation with integrity checks to detect tampering.
Same weakness CWE-117 – Improper Output Neutralization for Logs
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209038