IBM Maximo Application Suite
33 CVEs affecting IBM Maximo Application Suite. Latest disclosed: 2026-04-01. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-36386 | Critical | 9.8 | 2025-10-28 | IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthoriz… |
| CVE-2024-27266 | High | 8.2 | 2024-03-14 | IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit t… |
| CVE-2025-2898 | High | 7.5 | 2025-05-06 | IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in… |
| CVE-2024-22328 | High | 7.5 | 2024-04-06 | IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL… |
| CVE-2021-38924 | High | 7.5 | 2022-09-14 | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is return… |
| CVE-2021-29854 | High | 7.2 | 2022-05-03 | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending… |
| CVE-2023-43037 | Medium | 6.5 | 2025-04-10 | IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. |
| CVE-2023-38723 | Medium | 6.4 | 2024-03-13 | IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… |
| CVE-2022-35645 | Medium | 6.4 | 2023-03-02 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerabi… |
| CVE-2024-35148 | Medium | 6.3 | 2025-01-25 | IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL st… |
| CVE-2022-43923 | Medium | 6.2 | 2023-02-24 | IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. |
| CVE-2022-41732 | Medium | 6.2 | 2022-11-28 | IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. |
| CVE-2024-35145 | Medium | 6.1 | 2025-01-25 | IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed ar… |
| CVE-2024-38314 | Medium | 5.9 | 2024-10-24 | IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker… |
| CVE-2024-37068 | Medium | 5.9 | 2024-09-07 | IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt… |
| CVE-2023-27861 | Medium | 5.9 | 2023-06-05 | IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man… |
| CVE-2025-1500 | Medium | 5.5 | 2025-04-05 | IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. |
| CVE-2022-35281 | Medium | 5.5 | 2023-01-09 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV inje… |
| CVE-2024-35146 | Medium | 5.4 | 2024-11-06 | IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated… |
| CVE-2023-32337 | Medium | 5.4 | 2024-01-19 | IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized req… |