Refine your search
2 vulnerabilities found for Maximo Application Suite - Monitor Component by IBM
CVE-2025-14684 (GCVE-0-2025-14684)
Vulnerability from cvelistv5
Published
2026-03-25 21:22
Modified
2026-03-28 01:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Summary
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Application Suite - Monitor Component |
Version: 9.1 Version: 9.0 Version: 8.11 Version: 8.10 cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-28T01:49:07.548739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T01:49:31.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10.0:*:*:*:*:*:*:*"
],
"product": "Maximo Application Suite - Monitor Component",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "8.11"
},
{
"status": "affected",
"version": "8.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.\u003c/p\u003e"
}
],
"value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T21:22:44.935Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7267481"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRemediated Product(s)\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite - Monitor Component\u003c/td\u003e\u003ctd\u003e9.1.6\u003cbr\u003e\u003ca href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\"\u003e(available from the Catalog under Update Available)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite - Monitor Component\u003c/td\u003e\u003ctd\u003e9.0.16\u003cbr\u003e\u003ca href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\"\u003e(available from the Catalog under Update Available)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite - Monitor Component\u003c/td\u003e\u003ctd\u003e8.11.24\u003cbr\u003e\u003ca href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\"\u003e(available from the Catalog under Update Available)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Maximo Application Suite - Monitor Component\u003c/td\u003e\u003ctd\u003e8.10.26\u003cbr\u003e\u003ca href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\"\u003e(available from the Catalog under Update Available)\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Remediated Product(s)Version(s)IBM Maximo Application Suite - Monitor Component9.1.6\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component9.0.16\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.11.24\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.10.26\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery"
}
],
"title": "IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-14684",
"datePublished": "2026-03-25T21:22:44.935Z",
"dateReserved": "2025-12-13T20:24:32.826Z",
"dateUpdated": "2026-03-28T01:49:31.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38314 (GCVE-0-2024-38314)
Vulnerability from cvelistv5
Published
2024-10-24 17:23
Modified
2024-10-24 19:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Summary
IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Application Suite - Monitor Component |
Version: 8.10, 8.11, 9.0 cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:* cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T19:43:06.512728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T19:43:18.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Maximo Application Suite - Monitor Component",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.10, 8.11, 9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment."
}
],
"value": "IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T17:23:06.127Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7173988"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Maximo Application Suite - Monitor Component information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-38314",
"datePublished": "2024-10-24T17:23:06.127Z",
"dateReserved": "2024-06-13T21:43:46.666Z",
"dateUpdated": "2024-10-24T19:43:18.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}