Skip to main content

Maximo Application Suite

19 CVEs product

Monthly

CVE-2025-2898 HIGH This Week

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-43037 MEDIUM This Month

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Maximo Application Suite
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1500 MEDIUM This Month

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Maximo Application Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35150 MEDIUM This Month

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Maximo Application Suite
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-35148 MEDIUM This Month

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Maximo Application Suite
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-35145 MEDIUM This Month

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-35144 MEDIUM This Month

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-35146 MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-38314 MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-37068 HIGH This Week

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-22333 LOW Monitor

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-22328 HIGH This Week

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-27266 HIGH PATCH This Week

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Maximo Application Suite
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-32332 MEDIUM This Month

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-32334 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-27861 MEDIUM This Month

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-41732 MEDIUM This Month

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29743 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29744 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Maximo Application Suite
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Maximo Application Suite
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Maximo Application Suite
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Maximo Application Suite
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Application Suite
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
EPSS 0% CVSS 7.5
HIGH This Week

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Maximo Application Suite
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Maximo Application Suite
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Application Suite +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Application Suite +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy