SB2026010634 - Multiple vulnerabilities in IBM Maximo Application Suite

Security Bulletin ID SB2026010634

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2025-21502)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

2) Missing initialization of resource (CVE-ID: CVE-2025-54410)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Docker fails to re-create iptables rules that isolate bridge networks when firewalld reloads, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. A local user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7256206