SB2025080511 - Multiple vulnerabilities in IBM Maximo Application Suite

Published: August 5, 2025

Security Bulletin ID SB2025080511
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium: 67%; other: 33%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Improper Handling of Case Sensitivity (CVE-ID: CVE-2024-6866)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the case-sensitive try_match() function is applied to the attacker-controlled request URI. A path that differs from a configured resource pattern only in letter case is not matched, so the restrictions configured for that resource are not applied to the request. A remote attacker can bypass the implemented security checks and gain unauthorized access to sensitive data.



2) Security features bypass (CVE-ID: CVE-2024-6839)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper regex path matching. When a request path matches several configured patterns, the plugin prioritizes the longer regex pattern over the more specific one, so a broad, permissive pattern can take precedence over the restrictive pattern intended for a sensitive endpoint, and a less restrictive CORS policy is applied to that endpoint. A remote attacker can gain unauthorized cross-origin access to sensitive data or functionality.


3) Input validation error (CVE-ID: CVE-2024-6844)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of special characters in the request URL. A remote attacker can craft a URL that the CORS matcher fails to associate with the intended restrictive policy, bypass the applied CORS restrictions, and gain unauthorized access to the application.
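The three issues above are all failures of the same component: the matcher that maps a request path to a CORS policy. The following Python model, added here as an illustration and not code from IBM or from the affected component, shows a matcher with the three described weaknesses (case-sensitive matching of the raw path, ordering of patterns by length as a proxy for specificity, and matching before the path has been normalized) beside a hardened version. The policy table, the origins, the paths, and the assumption that the application router percent-decodes once, resolves dot segments and treats paths case-insensitively are all constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed policy table (example only): regex pattern -> allowed origins.
# The generic pattern is LONGER than the admin pattern but LESS specific.
POLICIES = {
    r"/api/admin/.*": ["https://admin.example"],   # restrictive, sensitive
    r"/api/[a-zA-Z0-9_-]+/.*": ["*"],              # permissive, generic
    r"/.*": ["*"],                                 # permissive catch-all
}

_META = set(".^$*+?{}[]\\|()")


def canonicalize(path):
    """Normalize a path the way the (assumed) router does before dispatch:
    one percent-decoding pass, dot-segment resolution, case folding."""
    decoded = unquote(path)
    normalized = posixpath.normpath(decoded)   # collapses // and resolves . and ..
    if not normalized.startswith("/"):
        normalized = "/" + normalized
    return normalized.lower()


def literal_prefix_len(pattern):
    """Specificity heuristic: length of the literal (non-regex) prefix."""
    n = 0
    for ch in pattern:
        if ch in _META:
            break
        n += 1
    return n


def vulnerable_policy_for(raw_path):
    """Weak matcher: raw path, case-sensitive prefix match, longest pattern first."""
    ordered = sorted(POLICIES.items(), key=lambda kv: len(kv[0]), reverse=True)
    for pattern, origins in ordered:
        if re.match(pattern, raw_path):
            return origins
    return None


def hardened_policy_for(raw_path):
    """Hardened matcher: match the canonical path the router will dispatch on,
    require a full match, and rank patterns by specificity, not length."""
    path = canonicalize(raw_path)
    ordered = sorted(
        POLICIES.items(),
        key=lambda kv: (literal_prefix_len(kv[0]), len(kv[0])),
        reverse=True,
    )
    for pattern, origins in ordered:
        if re.fullmatch(pattern, path):
            return origins
    return None


def allow_origin_header(request_origin, raw_path, policy_for):
    """Value for Access-Control-Allow-Origin, or None when the origin is refused."""
    allowed = policy_for(raw_path)
    if not allowed:
        return None
    if "*" in allowed:
        return "*"
    if request_origin in allowed:
        return request_origin
    return None


if __name__ == "__main__":
    # Each probe reaches the sensitive /api/admin/users handler on the assumed router.
    probes = [
        ("case",        "/API/admin/users"),            # 1) case sensitivity
        ("ordering",    "/api/admin/users"),            # 2) longer pattern wins
        ("special",     "/api/public/../admin/users"),  # 3) unnormalized path
    ]
    for label, path in probes:
        weak = allow_origin_header("https://evil.example", path, vulnerable_policy_for)
        hard = allow_origin_header("https://evil.example", path, hardened_policy_for)
        print(f"{label:9} {path:30} vulnerable={weak!r:6} hardened={hard!r}")
```

The point of the hardened version is that the CORS layer and the router must agree on what the path is before any policy is chosen; if the router's normalization differs from the one modelled here, `canonicalize` must be changed to match it, or the restrictive pattern can again be sidestepped.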


Remediation

Install the update from the vendor's website.