SB2026022652 - Multiple vulnerabilities in IBM Maximo Application Suite - IoT Component

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026022652

SB2026022652 - Multiple vulnerabilities in IBM Maximo Application Suite - IoT Component

Published: February 26, 2026

Security Bulletin ID SB2026022652
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Code Injection (CVE-ID: CVE-2025-48913)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when handling JMS configuration. A remote user can pass specially crafted configuration file to the application and execute arbitrary code on the target system.


2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-58056)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP/1.1 requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


3) Insufficient technical documentation (CVE-ID: CVE-2024-51744)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due due to unclear documentation of the error behavior in "ParseWithClaims". A remote attacker can trick the victim into accepting invalid tokens, which can lead to information disclosure.


Remediation

Install update from vendor's website.

References