Ibm Maximo Application Suite — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Maximo Application Suite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2025-36386 — CVSS 9.8 (critical): IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms…
CVE-2024-27266 — CVSS 8.2 (high): IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote…
CVE-2021-38924 — CVSS 7.5 (high): IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2024-22328 — CVSS 7.5 (high): IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2025-2898 — CVSS 7.5 (high): IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security…
CVE-2021-29854 — CVSS 7.2 (high): IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST…
CVE-2023-43037 — CVSS 6.5 (medium): IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input…
CVE-2022-35645 — CVSS 6.4 (medium): IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site…
CVE-2023-38723 — CVSS 6.4 (medium): IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2024-35148 — CVSS 6.3 (medium): IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send…
CVE-2022-41732 — CVSS 6.2 (medium): IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.
CVE-2022-43923 — CVSS 6.2 (medium): IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID…
CVE-2024-35145 — CVSS 6.1 (medium): IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated…
CVE-2024-38314 — CVSS 5.9 (medium): IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic…
CVE-2023-27861 — CVSS 5.9 (medium): IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by…
CVE-2024-37068 — CVSS 5.9 (medium): IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an…
CVE-2025-1500 — CVSS 5.5 (medium): IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another…
CVE-2022-35281 — CVSS 5.5 (medium): IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are…
CVE-2023-32332 — CVSS 5.4 (medium): IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker…
CVE-2023-32337 — CVSS 5.4 (medium): IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to…
CVE-2021-29743 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed…
CVE-2024-35146 — CVSS 5.4 (medium): IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability…
CVE-2021-29744 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-41734 — CVSS 5.3 (medium): IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2024-35144 — CVSS 5.3 (medium): IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks…
CVE-2024-35150 — CVSS 5.3 (medium): IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs…
CVE-2026-4820 — CVSS 4.3 (medium): IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies…
CVE-2023-47718 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an…
CVE-2025-14684 — CVSS 4.0 (medium): IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages…
CVE-2023-32335 — CVSS 3.7 (low): IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may…
CVE-2023-32334 — CVSS 3.7 (low): IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This…
CVE-2024-22333 — CVSS 3.3 (low): IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read…