CVE-2024-35150

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7180057	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:maximo_application_suite::::::::
	cpe:2.3:a:ibm:maximo_application_suite::::::::
	cpe:2.3:a:ibm:maximo_application_suite::::::::
	cpe:2.3:a:ibm:maximo_application_suite:9.1.0:::::::*

History

08 Jul 2025, 20:22

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7180057 -~~	() https://www.ibm.com/support/pages/node/7180057 - Vendor Advisory
Summary		(es) IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1 y 9.1.0: el componente Monitor no neutraliza la salida que se escribe en los registros, lo que podría permitir que un atacante inyecte entradas de registro falsas.
First Time		Ibm maximo Application Suite Ibm
CPE		cpe:2.3:a:ibm:maximo_application_suite:9.1.0:::::::* cpe:2.3:a:ibm:maximo_application_suite::::::::

25 Jan 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-25 15:15

Updated : 2025-07-08 20:22

NVD link : CVE-2024-35150

Mitre link : CVE-2024-35150

CVE.ORG link : CVE-2024-35150

JSON object : View

Products Affected

ibm

maximo_application_suite

CWE

CWE-117

Improper Output Neutralization for Logs

{"id": "CVE-2024-35150", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-01-25T15:15:08.770", "references": [{"url": "https://www.ibm.com/support/pages/node/7180057", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-117"}]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries."}, {"lang": "es", "value": "IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1 y 9.1.0: el componente Monitor no neutraliza la salida que se escribe en los registros, lo que podr\u00eda permitir que un atacante inyecte entradas de registro falsas."}], "lastModified": "2025-07-08T20:22:34.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "366AC741-3CC0-4DB5-92B5-7C227D40BE74", "versionEndExcluding": "8.10.15", "versionStartIncluding": "8.10.12"}, {"criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE541EA7-8321-4028-A1D6-99BE62059C88", "versionEndExcluding": "8.11.13", "versionStartIncluding": "8.11"}, {"criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "613B6989-AD3C-4259-9B18-E97DD7E9CC32", "versionEndExcluding": "9.0.5", "versionStartIncluding": "9.0.1"}, {"criteria": "cpe:2.3:a:ibm:maximo_application_suite:9.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E81D05-3954-4D7A-BC81-079EC6D8E715"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}