CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2898 – IBM Maximo Application Suite privilege escalation
https://notcve.org/view.php?id=CVE-2025-2898
06 May 2025 — IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations. • https://https://www.ibm.com/support/pages/node/7232050 • CWE-266: Incorrect Privilege Assignment •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43037 – IBM Maximo Application Suite improper access control
https://notcve.org/view.php?id=CVE-2023-43037
10 Apr 2025 — IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. • https://www.ibm.com/support/pages/node/7230567 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1500 – IBM Maximo Application Suite file upload
https://notcve.org/view.php?id=CVE-2025-1500
05 Apr 2025 — IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. • https://www.ibm.com/support/pages/node/7230140 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35150 – IBM Maximo Application Suite log manipulation
https://notcve.org/view.php?id=CVE-2024-35150
25 Jan 2025 — IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. • https://www.ibm.com/support/pages/node/7180057 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35148 – IBM Maximo Application Suite SQL injection
https://notcve.org/view.php?id=CVE-2024-35148
25 Jan 2025 — IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7174952 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35144 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-35144
25 Jan 2025 — IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. • https://www.ibm.com/support/pages/node/7174953 • CWE-540: Inclusion of Sensitive Information in Source Code •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35145 – IBM Maximo Application Suite cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35145
25 Jan 2025 — IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174956 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35146 – IBM Maximo Application Suite cross-site scripting
https://notcve.org/view.php?id=CVE-2024-35146
06 Nov 2024 — IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38314 – IBM Maximo Application Suite - Monitor Component information disclosure
https://notcve.org/view.php?id=CVE-2024-38314
24 Oct 2024 — IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. • https://www.ibm.com/support/pages/node/7173988 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37068 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-37068
07 Sep 2024 — IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292799 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •