IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
The vulnerability classified as CWE-305 (Authentication Bypass by Primary Weakness) indicates an error in the authentication mechanism implementation that can be bypassed without valid login credentials. A network attacker can send a crafted request to the application and gain access to protected resources, bypassing standard identity controls. Due to the network vector (AV:N) and lack of prerequisites (PR:N, AC:L), the attack can be performed by any remote user with access to the application interface.
An attacker can gain full, unauthorized access to the IBM Maximo Application Suite application, threatening the confidentiality, integrity, and availability of data — including sensitive operational and configuration data of managed assets.
Apply patches available from the vendor according to the references: https://www.ibm.com/support/pages/node/7249416
IBM Maximo Application Suite versions 9.0.0 to 9.0.15 and 9.1.0 to 9.1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Maximo Application Suite
APPIbm9.0 – 9.0.159.1.0 – 9.1.4
Related vulnerabilities
IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges...
IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system...
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when proce...
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information ...
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper val...