Export limit exceeded: 338206 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (220 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2898 | 1 Ibm | 1 Maximo Application Suite | 2026-02-26 | 7.5 High |
| IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configurations. | ||||
| CVE-2025-36386 | 1 Ibm | 1 Maximo Application Suite | 2025-11-21 | 9.8 Critical |
| IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. | ||||
| CVE-2025-1500 | 1 Ibm | 1 Maximo Application Suite | 2025-09-01 | 5.5 Medium |
| IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. | ||||
| CVE-2025-2987 | 1 Ibm | 1 Maximo Asset Management | 2025-09-01 | 3.8 Low |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-2986 | 1 Ibm | 1 Maximo Asset Management | 2025-08-28 | 5.5 Medium |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-45652 | 1 Ibm | 1 Maximo Asset Management | 2025-08-18 | 6.5 Medium |
| IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2023-43037 | 1 Ibm | 1 Maximo Application Suite | 2025-08-16 | 6.5 Medium |
| IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. | ||||
| CVE-2023-43043 | 1 Ibm | 2 Enterprise Asset Management, Maximo Mobile For Eam | 2025-08-15 | 5.1 Medium |
| IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. | ||||
| CVE-2024-45077 | 1 Ibm | 1 Maximo Asset Management | 2025-08-14 | 6.5 Medium |
| IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system. | ||||
| CVE-2024-35146 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.4 Medium |
| IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-35144 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.3 Medium |
| IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system. | ||||
| CVE-2024-35145 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 6.1 Medium |
| IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-35148 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 6.3 Medium |
| IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | ||||
| CVE-2024-35150 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.3 Medium |
| IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries. | ||||
| CVE-2024-38314 | 1 Ibm | 1 Maximo Application Suite | 2025-07-08 | 5.9 Medium |
| IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. | ||||
| CVE-2023-47718 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2025-06-17 | 4.3 Medium |
| IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. | ||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2025-05-28 | 8.1 High |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | ||||
| CVE-2022-41732 | 1 Ibm | 1 Maximo Application Suite | 2025-04-25 | 6.2 Medium |
| IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407. | ||||
| CVE-2017-1352 | 1 Ibm | 1 Maximo Asset Management | 2025-04-20 | N/A |
| IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538. | ||||
| CVE-2017-1292 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | N/A |
| IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | ||||