CRITICAL🇵🇱 Wersja polska

CVE-2025-36386

CVSS 9.8v3.1pub. 2025-10-28upd. 2025-11-21

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-305 (Authentication Bypass by Primary Weakness) indicates an error in the authentication mechanism implementation that can be bypassed without valid login credentials. A network attacker can send a crafted request to the application and gain access to protected resources, bypassing standard identity controls. Due to the network vector (AV:N) and lack of prerequisites (PR:N, AC:L), the attack can be performed by any remote user with access to the application interface.

Impact

An attacker can gain full, unauthorized access to the IBM Maximo Application Suite application, threatening the confidentiality, integrity, and availability of data — including sensitive operational and configuration data of managed assets.

Mitigation & patch

Apply patches available from the vendor according to the references: https://www.ibm.com/support/pages/node/7249416

Who is affected

IBM Maximo Application Suite versions 9.0.0 to 9.0.15 and 9.1.0 to 9.1.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Maximo Application Suite

    APP
    Ibm
    9.0 – 9.0.159.1.0 – 9.1.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-2898HIGH7.5ten sam produkt

IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges...

CVE-2024-22328HIGH7.5ten sam produkt

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system...

CVE-2024-27266HIGH8.2ten sam produkt

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when proce...

CVE-2021-38924HIGH7.5ten sam produkt

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information ...

CVE-2021-29854HIGH7.2ten sam produkt

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper val...