Vulnerabilities > Modification of Assumed-Immutable Data (MAID)

DATE CVE VULNERABILITY TITLE RISK
2025-05-22 CVE-2025-33136 IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
network
low complexity
CWE-471
7.1
7.1
2025-01-23 CVE-2024-45672 IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent.
local
low complexity
CWE-471
6.0
6.0
2025-01-17 CVE-2024-51462 IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.
local
low complexity
CWE-471
4.0
4.0
2018-03-30 CVE-2018-3728 Modification of Assumed-Immutable Data (MAID) vulnerability in Hapijs Hoek
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
network
low complexity
hapijs CWE-471
8.8
8.8