CVE-2024-35150 MEDIUM

CVE-2024-35150: IBM Maximo Application Suite log manipulation

Vendor Ibm
Product Maximo Application Suite
Weakness CWE-117
Published January 25, 2025
Last update February 12, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.

Key dates

02Disclosure timeline

January 25, 2025 CVE published
February 12, 2025 Record updated