Ibm

Maximo Application Suite

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-36386

  • EPSS 0.32%
  • Veröffentlicht 28.10.2025 15:56:58
  • Zuletzt bearbeitet 21.11.2025 14:10:18

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

8.8

CVE-2025-2898

  • EPSS 0.03%
  • Veröffentlicht 06.05.2025 14:41:09
  • Zuletzt bearbeitet 16.05.2025 20:02:07

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations.

6.5

CVE-2023-43037

  • EPSS 0.05%
  • Veröffentlicht 10.04.2025 13:19:47
  • Zuletzt bearbeitet 08.07.2025 18:43:54

IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation.

8

CVE-2025-1500

  • EPSS 0.03%
  • Veröffentlicht 05.04.2025 00:28:26
  • Zuletzt bearbeitet 08.07.2025 20:14:36

IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.

5.3

CVE-2024-35150

  • EPSS 0.1%
  • Veröffentlicht 25.01.2025 15:15:08
  • Zuletzt bearbeitet 08.07.2025 20:22:34

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.

8.8

CVE-2024-35148

  • EPSS 0.09%
  • Veröffentlicht 25.01.2025 15:15:08
  • Zuletzt bearbeitet 08.07.2025 20:27:05

IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...

6.1

CVE-2024-35145

  • EPSS 0.18%
  • Veröffentlicht 25.01.2025 15:15:08
  • Zuletzt bearbeitet 08.07.2025 20:29:30

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...

5.3

CVE-2024-35144

  • EPSS 0.1%
  • Veröffentlicht 25.01.2025 15:15:07
  • Zuletzt bearbeitet 08.07.2025 20:29:44

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.

5.4

CVE-2024-35146

  • EPSS 0.52%
  • Veröffentlicht 06.11.2024 15:15:19
  • Zuletzt bearbeitet 08.07.2025 20:29:54

IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended funct...

5.9

CVE-2024-38314

  • EPSS 0.08%
  • Veröffentlicht 24.10.2024 18:15:07
  • Zuletzt bearbeitet 08.07.2025 19:55:10

IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.