Vulnerabilities > IBM > Maximo Application Suite

DATE CVE VULNERABILITY TITLE RISK
2024-09-07 CVE-2024-37068 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Maximo Application Suite 8.10/8.11/9.0
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.
network
low complexity
ibm CWE-327
7.5
2024-06-13 CVE-2024-22333 Exposure of Resource to Wrong Sphere vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-668
3.3
2024-03-14 CVE-2024-27266 Unspecified vulnerability in IBM Maximo Application Suite 7.6.1.3
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm
8.2
2024-01-19 CVE-2023-32337 Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
2024-01-19 CVE-2023-47718 Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm
8.8
2023-09-08 CVE-2023-32332 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
2023-06-05 CVE-2023-27861 Cleartext Transmission of Sensitive Information vulnerability in IBM Maximo Application Suite 8.8.0/8.9.0
IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques.
network
high complexity
ibm CWE-319
5.9
2023-06-05 CVE-2023-32334 Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters.
network
low complexity
ibm
5.3
2023-03-02 CVE-2022-35645 Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting.
network
low complexity
ibm
5.4
2023-02-24 CVE-2022-43923 Unspecified vulnerability in IBM Maximo Application Suite 8.8.0/8.9.0
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user.
local
low complexity
ibm
5.5