cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-37068,https://securityvulnerability.io/vulnerability/CVE-2024-37068,Weaker Cryptographic Algorithms in Maximo Suite Could Lead to Sensitive Information Decryption,"The IBM Maximo Application Suite - Manage Component versions 8.10, 8.11, and 9.0 have been found to utilize cryptographic algorithms that are weaker than expected. This vulnerability may enable malicious actors to perform man-in-the-middle attacks, potentially allowing them to decrypt highly sensitive information. Organizations using these affected versions are urged to assess their security measures and consider patching or upgrading to secure their data effectively. Ensuring robust encryption standards is essential to mitigate risks associated with potential data exposure.",IBM,Maximo Application Suite,7.5,HIGH,0.0007399999885819852,false,false,false,false,,false,false,2024-09-07T13:43:38.884Z,0
CVE-2024-22333,https://securityvulnerability.io/vulnerability/CVE-2024-22333,IBM Maximo Asset Management Vulnerability: Web Pages Stored Locally Can Be Accessed by Other Users,IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.,IBM,"Maximo Application Suite,Maximo Asset Management",3.3,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-06-13T13:55:39.767Z,0
CVE-2024-22328,https://securityvulnerability.io/vulnerability/CVE-2024-22328,Maximo Suite Vulnerable to Remote File Access Attack,"IBM Maximo Application Suite versions 8.10 and 8.11 are susceptible to a directory traversal vulnerability that could permit a remote attacker to access sensitive files on the system. This occurs through specially crafted URL requests that include 'dot dot' sequences (/../), allowing unauthorized access to system directories and files. The exploitation could lead to data exposure and potential disclosure of sensitive information.",IBM,Maximo Application Suite,7.5,HIGH,0.0004400000034365803,false,false,false,true,true,false,false,2024-04-06T11:40:29.742Z,0
CVE-2023-32335,https://securityvulnerability.io/vulnerability/CVE-2023-32335,IBM Maximo Suite Vulnerability: Sensitive Information in URL Parameters,"The IBM Maximo Application Suite and IBM Maximo Asset Management products expose sensitive information via URL parameters. This misconfiguration allows unauthorized individuals to gain access to confidential data if they can view these URLs through server logs, referrer headers, or browser history. Such exposure could lead to significant security implications for organizations utilizing these applications, underscoring the importance of implementing robust security measures to protect sensitive information.",IBM,"Maximo Application Suite,Maximo Asset Management",3.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-03-13T09:23:23.225Z,0
CVE-2023-43043,https://securityvulnerability.io/vulnerability/CVE-2023-43043,Maximo Mobile for EAM Vulnerability Could Disclose Sensitive Information to Local Users,"The IBM Maximo Application Suite, specifically the Maximo Mobile for EAM versions 8.10 and 8.11, has a vulnerability that allows local users to access sensitive information. This exposure can lead to significant security risks if unaddressed, as it enables unauthorized users to gain insights into confidential data, potentially impacting organizational security policies and compliance requirements. Organizations using these affected versions are advised to review their security measures and apply necessary patches to mitigate the risk.",IBM,Maximo Application Suite - Maximo Mobile For Eam,5.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-13T09:19:36.434Z,0
CVE-2023-32332,https://securityvulnerability.io/vulnerability/CVE-2023-32332,IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection,"IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.",IBM,"Maximo Asset Management,Maximo Application Suite",5.4,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-09-08T20:15:00.000Z,0
CVE-2023-32334,https://securityvulnerability.io/vulnerability/CVE-2023-32334,IBM Maximo Asset Management information disclosure,"IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.",IBM,"Maximo Asset Management,Maximo Application Suite",5.3,MEDIUM,0.0007099999929778278,false,false,false,false,,false,false,2023-06-05T01:15:00.000Z,0
CVE-2023-27861,https://securityvulnerability.io/vulnerability/CVE-2023-27861,IBM Maximo Application Suite information disclosure,IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.,IBM,Maximo Application Suite,5.9,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2023-06-05T01:15:00.000Z,0
CVE-2022-35645,https://securityvulnerability.io/vulnerability/CVE-2022-35645,IBM Maximo Asset Management cross-site scripting,"IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.",IBM,"Maximo Asset Management,Maximo Application Suite",6.4,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2023-03-02T20:14:56.934Z,0
CVE-2022-43923,https://securityvulnerability.io/vulnerability/CVE-2022-43923,,IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.,IBM,Maximo Application Suite,6.2,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-02-24T14:13:01.313Z,0