CVE-2024-35148
Published: 25 January 2025
Description
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Security Summary
CVE-2024-35148 is a SQL injection vulnerability (CWE-89) in the Monitor Component of IBM Maximo Application Suite versions 8.10.10, 8.11.7, and 9.0. Published on 2025-01-25, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), which is medium severity: the attack vector is the network, attack complexity is low, and low privileges are required.
A remote attacker with low-privileged access could exploit this vulnerability by sending specially crafted SQL statements to the affected Monitor Component. Successful exploitation would allow the attacker to view, add, modify, or delete information in the back-end database, resulting in limited impacts to confidentiality, integrity, and availability.
IBM has issued a security advisory at https://www.ibm.com/support/pages/node/7174952, which provides details on the vulnerability and recommended mitigation steps, including available patches for the affected versions.
Details
- CWE(s)