CVE-2025-14684

MEDIUM

IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .

Title source: cna

Description

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7267481

Scores

CVSS v3 4.0

EPSS 0.0001

EPSS Percentile 0.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-117

Status published

Products (5)

IBM/Maximo Application Suite - Monitor Component 8.10

IBM/Maximo Application Suite - Monitor Component 8.11

IBM/Maximo Application Suite - Monitor Component 9.0

IBM/Maximo Application Suite - Monitor Component 9.1

ibm/maximo_application_suite 8.10 - 8.10.26

Published Mar 25, 2026

Tracked Since Mar 26, 2026