IBM Maximo Application Suite
18 CVEs affecting IBM Maximo Application Suite. Latest disclosed: 2026-04-01. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-2898 | High | 7.5 | 2025-05-06 | IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in… |
| CVE-2024-22328 | High | 7.5 | 2024-04-06 | IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL… |
| CVE-2023-43037 | Medium | 6.5 | 2025-04-10 | IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. |
| CVE-2022-35645 | Medium | 6.4 | 2023-03-02 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerabi… |
| CVE-2024-35148 | Medium | 6.3 | 2025-01-25 | IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL st… |
| CVE-2022-43923 | Medium | 6.2 | 2023-02-24 | IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. |
| CVE-2024-35145 | Medium | 6.1 | 2025-01-25 | IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed ar… |
| CVE-2024-37068 | Medium | 5.9 | 2024-09-07 | IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt… |
| CVE-2023-27861 | Medium | 5.9 | 2023-06-05 | IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man… |
| CVE-2025-1500 | Medium | 5.5 | 2025-04-05 | IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. |
| CVE-2024-35146 | Medium | 5.4 | 2024-11-06 | IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated… |
| CVE-2023-32332 | Medium | 5.4 | 2023-09-08 | IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malici… |
| CVE-2024-35150 | Medium | 5.3 | 2025-01-25 | IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an att… |
| CVE-2024-35144 | Medium | 5.3 | 2025-01-25 | IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. |
| CVE-2026-4820 | Medium | 4.3 | 2026-04-01 | IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to ge… |
| CVE-2023-32335 | Low | 3.7 | 2024-03-13 | IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information di… |
| CVE-2023-32334 | Low | 3.7 | 2023-06-05 | IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to informatio… |
| CVE-2024-22333 | Low | 3.3 | 2024-06-13 | IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on t… |