
CVE-2024-35150 – IBM Maximo Application Suite log manipulation
https://notcve.org/view.php?id=CVE-2024-35150
25 Jan 2025 — IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. • https://www.ibm.com/support/pages/node/7180057 • CWE-117: Improper Output Neutralization for Logs •

CVE-2024-35148 – IBM Maximo Application Suite SQL injection
https://notcve.org/view.php?id=CVE-2024-35148
25 Jan 2025 — IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7174952 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-35144 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-35144
25 Jan 2025 — IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7174953 • CWE-540: Inclusion of Sensitive Information in Source Code •

CVE-2024-35145 – IBM Maximo Application Suite cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35145
25 Jan 2025 — IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174956 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-45077 – IBM Maximo Asset Management file upload
https://notcve.org/view.php?id=CVE-2024-45077
24 Jan 2025 — The IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated low-privileged user to upload restricted file types simply by adding a dot to the end of the file name if Maximo is installed on a Windows operating system. • https://www.ibm.com/support/pages/node/7174819 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-45652 – IBM Maximo Asset Management directory traversal
https://notcve.org/view.php?id=CVE-2024-45652
19 Jan 2025 — IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7174820 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-45088 – IBM Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45088
11 Nov 2024 — IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-35146 – IBM Maximo Application Suite cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35146
06 Nov 2024 — IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-38314 – IBM Maximo Application Suite - Monitor Component information disclosure
https://notcve.org/view.php?id=CVE-2024-38314
24 Oct 2024 — IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of a hard-coded cryptographic key to an attacker who has compromised the environment. • https://www.ibm.com/support/pages/node/7173988 • CWE-321: Use of Hard-coded Cryptographic Key •

CVE-2024-37068 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-37068
07 Sep 2024 — IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man-in-the-middle techniques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292799 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •