IBM Maximo Suite Vulnerable to XML External Entity Injection Attack
CVE-2024-27266

8.2HIGH

Key Information:

Vendor: IBM
Status: Maximo Asset Management
Vendor: CVE Published:; 14 March 2024

What is CVE-2024-27266?

The vulnerability impacts IBM Maximo Application Suite version 7.6.1.3, allowing an XML External Entity Injection (XXE) attack when processing XML data. This security flaw could enable remote attackers to exploit the application, potentially exposing sensitive information and causing excessive memory consumption. Such vulnerabilities can lead to significant security risks if not addressed promptly, making it crucial for users and administrators to implement necessary security measures and apply updates as soon as they are available. For detailed guidance on mitigating this issue, users can refer to IBM's security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Maximo Asset Management 7.6.1.3

References

https://www.ibm.com/support/pages/node/7141270

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/284566

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2024
Vulnerability Reserved
Feb 22, 2024

JSON

IBM

What is CVE-2024-27266?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.