cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-35150,https://securityvulnerability.io/vulnerability/CVE-2024-35150,Log Injection Vulnerability in IBM Maximo Application Suite,"The IBM Maximo Application Suite experiences a vulnerability in its Monitor Component that fails to properly neutralize output sent to logs. This imperfection may enable attackers to inject deceptive entries into the log files, potentially leading to misleading information being recorded. Such an attack could compromise the integrity of the logging system, making it challenging to accurately assess the state of the application and potentially allowing further attacks.",IBM,Maximo Application Suite,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T14:31:10.563Z,0
CVE-2024-35148,https://securityvulnerability.io/vulnerability/CVE-2024-35148,SQL Injection Vulnerability in IBM Maximo Application Suite,"The Monitor Component of IBM Maximo Application Suite versions 8.10.10, 8.11.7, and 9.0 is susceptible to SQL injection attacks. This vulnerability allows a remote attacker to execute malicious SQL statements that can compromise the database by permitting unauthorized access to view, modify, or delete information. Organizations using affected versions should take immediate action to apply security mitigations to safeguard their data and infrastructure.",IBM,Maximo Application Suite,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-25T14:28:16.353Z,0
CVE-2024-35144,https://securityvulnerability.io/vulnerability/CVE-2024-35144,Source Code Exposure in IBM Maximo Application Suite Monitor Component,"The Monitor Component of the IBM Maximo Application Suite (versions 8.10, 8.11, and 9.0) has a vulnerability that results in the storage of source code on the web server. This exposure can facilitate subsequent attacks against the system, allowing malicious actors to exploit weaknesses in the application more easily. Organizations using these versions should take immediate steps to secure their environments.",IBM,Maximo Application Suite,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T14:24:56.824Z,0
CVE-2024-35145,https://securityvulnerability.io/vulnerability/CVE-2024-35145,Cross-Site Scripting Vulnerability in IBM Maximo Application Suite,"The IBM Maximo Application Suite Monitor Component is susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue permits unauthenticated attackers to inject arbitrary JavaScript code into the web interface. As a result, the malicious script could manipulate the functioning of the application, which may lead to the unauthorized disclosure of sensitive user credentials within active sessions, compromising user security and application integrity.",IBM,Maximo Application Suite,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-25T14:21:59.951Z,0
CVE-2024-37068,https://securityvulnerability.io/vulnerability/CVE-2024-37068,Weaker Cryptographic Algorithms in Maximo Suite Could Lead to Sensitive Information Decryption,"The IBM Maximo Application Suite - Manage Component versions 8.10, 8.11, and 9.0 have been found to utilize cryptographic algorithms that are weaker than expected. This vulnerability may enable malicious actors to perform man-in-the-middle attacks, potentially allowing them to decrypt highly sensitive information. Organizations using these affected versions are urged to assess their security measures and consider patching or upgrading to secure their data effectively. Ensuring robust encryption standards is essential to mitigate risks associated with potential data exposure.",IBM,Maximo Application Suite,7.5,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-09-07T13:43:38.884Z,0
CVE-2024-22333,https://securityvulnerability.io/vulnerability/CVE-2024-22333,IBM Maximo Asset Management Vulnerability: Web Pages Stored Locally Can Be Accessed by Other Users,IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973.,IBM,"Maximo Application Suite,Maximo Asset Management",3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-13T13:55:39.767Z,0
CVE-2024-22328,https://securityvulnerability.io/vulnerability/CVE-2024-22328,Maximo Suite Vulnerable to Remote File Access Attack,"IBM Maximo Application Suite versions 8.10 and 8.11 are susceptible to a directory traversal vulnerability that could permit a remote attacker to access sensitive files on the system. This occurs through specially crafted URL requests that include 'dot dot' sequences (/../), allowing unauthorized access to system directories and files. The exploitation could lead to data exposure and potential disclosure of sensitive information.",IBM,Maximo Application Suite,7.5,HIGH,0.0008999999845400453,false,,false,false,true,2024-04-07T22:09:17.000Z,true,false,false,,2024-04-06T11:40:29.742Z,0
CVE-2023-32335,https://securityvulnerability.io/vulnerability/CVE-2023-32335,IBM Maximo Suite Vulnerability: Sensitive Information in URL Parameters,"The IBM Maximo Application Suite and IBM Maximo Asset Management products expose sensitive information via URL parameters. This misconfiguration allows unauthorized individuals to gain access to confidential data if they can view these URLs through server logs, referrer headers, or browser history. Such exposure could lead to significant security implications for organizations utilizing these applications, underscoring the importance of implementing robust security measures to protect sensitive information.",IBM,"Maximo Application Suite,Maximo Asset Management",7.5,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2024-03-13T09:23:23.225Z,0
CVE-2023-43043,https://securityvulnerability.io/vulnerability/CVE-2023-43043,Maximo Mobile for EAM Vulnerability Could Disclose Sensitive Information to Local Users,"The IBM Maximo Application Suite, specifically the Maximo Mobile for EAM versions 8.10 and 8.11, has a vulnerability that allows local users to access sensitive information. This exposure can lead to significant security risks if unaddressed, as it enables unauthorized users to gain insights into confidential data, potentially impacting organizational security policies and compliance requirements. Organizations using these affected versions are advised to review their security measures and apply necessary patches to mitigate the risk.",IBM,Maximo Application Suite - Maximo Mobile For Eam,5.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-13T09:19:36.434Z,0
CVE-2023-32332,https://securityvulnerability.io/vulnerability/CVE-2023-32332,IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection,"IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.",IBM,"Maximo Asset Management,Maximo Application Suite",5.4,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2023-09-08T20:15:00.000Z,0
CVE-2023-32334,https://securityvulnerability.io/vulnerability/CVE-2023-32334,IBM Maximo Asset Management information disclosure,"IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.",IBM,"Maximo Asset Management,Maximo Application Suite",5.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2023-06-05T01:15:00.000Z,0
CVE-2023-27861,https://securityvulnerability.io/vulnerability/CVE-2023-27861,IBM Maximo Application Suite information disclosure,IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.,IBM,Maximo Application Suite,5.9,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-06-05T01:15:00.000Z,0
CVE-2022-35645,https://securityvulnerability.io/vulnerability/CVE-2022-35645,IBM Maximo Asset Management cross-site scripting,"IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.",IBM,"Maximo Asset Management,Maximo Application Suite",6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-03-02T20:14:56.934Z,0
CVE-2022-43923,https://securityvulnerability.io/vulnerability/CVE-2022-43923,Information Disclosure in IBM Maximo Application Suite,"IBM Maximo Application Suite versions 8.8.0 and 8.9.0 are vulnerable due to improper handling of sensitive information. This flaw allows local users to read potentially sensitive data stored within the application, posing a risk of unauthorized access. To mitigate this issue, it's crucial for organizations to apply patches and adhere to best practices in securing access rights to sensitive data.",IBM,Maximo Application Suite,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-24T14:13:01.313Z,0