Skip to main content

Maximo Asset Management CVE-2025-2987

LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2025-04-22 psirt@us.ibm.com
3.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.8 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:38 vuln.today
CVE Published
Apr 22, 2025 - 00:15 nvd
LOW 3.8

DescriptionCVE.org

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

AnalysisAI

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Affected products include: Ibm Maximo Asset Management.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2015-0104 HIGH POC
8.8 Apr 24

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database

CVE-2020-4463 HIGH POC
8.2 Jul 29

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when proc

CVE-2015-0107 MEDIUM POC
6.5 Apr 24

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database

CVE-2017-1175 CRITICAL
9.8 Jul 05

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this v

CVE-2021-20509 CRITICAL
9.8 Aug 12

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.

CVE-2020-4493 CRITICAL
9.8 Oct 05

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a

CVE-2016-9984 HIGH
8.8 Jun 13

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the

CVE-2016-9977 HIGH
8.8 Jun 07

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the fa

CVE-2016-9976 HIGH
8.4 May 03

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. Rated high sever

CVE-2020-4521 HIGH
8.8 Sep 15

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the

CVE-2018-1699 HIGH
8.8 Aug 24

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulne

CVE-2018-1524 HIGH
8.8 Aug 03

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could

Share

CVE-2025-2987 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy