Product

IBM Maximo Application Suite

32 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-4820
>= 8.10 and < 8.10.33
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies
4.3 MEDIUM
CVE-2025-14684
>= 8.10 and < 8.10.26
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log
4.0 MEDIUM
CVE-2025-36386
>= 9.0 and <= 9.0.15
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication m
9.8 CRITICAL
CVE-2025-2898
all versions
IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security c
7.5 HIGH
CVE-2023-43037
>= 8.11 and < 8.11.13
IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input
6.5 MEDIUM
CVE-2025-1500
>= 9.0 and < 9.0.7
IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by
5.5 MEDIUM
CVE-2024-35150
>= 8.10.12 and < 8.10.15
IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to l
5.3 MEDIUM
CVE-2024-35148
all versions
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could
6.3 MEDIUM
CVE-2024-35145
all versions
IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthe
6.1 MEDIUM
CVE-2024-35144
>= 8.10 and < 8.10.14
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in furthe
5.3 MEDIUM
CVE-2024-35146
all versions
IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerabil
5.4 MEDIUM
CVE-2024-38314
>= 8.10 and < 8.10.15
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryp
5.9 MEDIUM
CVE-2024-37068
all versions
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could
5.9 MEDIUM
CVE-2024-22333
all versions
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can
3.3 LOW
CVE-2024-22328
all versions
IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could
7.5 HIGH
CVE-2024-27266
all versions
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A re
8.2 HIGH
CVE-2023-38723
all versions
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitr
6.4 MEDIUM
CVE-2023-32335
all versions
IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. Th
3.7 LOW
CVE-2023-47718
>= 8.10 and < 8.10.6
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could
4.3 MEDIUM
CVE-2023-32337
>= 8.10 and < 8.10.6
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated atta
5.4 MEDIUM
CVE-2023-32332
all versions
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote
5.4 MEDIUM
CVE-2023-32334
all versions
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters
3.7 LOW
CVE-2023-27861
all versions
IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be interce
5.9 MEDIUM
CVE-2022-35645
all versions
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-s
6.4 MEDIUM
CVE-2022-43923
all versions
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-F
6.2 MEDIUM
CVE-2022-41734
all versions
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed tech
5.3 MEDIUM
CVE-2022-35281
all versions
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Sui
5.5 MEDIUM
CVE-2022-41732
all versions
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 23740
6.2 MEDIUM
CVE-2021-38924
all versions
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed tech
7.5 HIGH
CVE-2021-29854
all versions
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by
7.2 HIGH
CVE-2021-29743
>= 8.0 and <= 8.4
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed
5.4 MEDIUM
CVE-2021-29744
all versions
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr
5.4 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin