IBM Maximo Suite Vulnerable to XML External Entity Injection Attack
CVE-2024-27266
8.2 HIGH
What is CVE-2024-27266?
CVE-2024-27266 affects IBM Maximo Application Suite version 7.6.1.3, which is vulnerable to an XML External Entity (XXE) injection attack when processing XML data. A remote attacker could exploit this flaw, potentially exposing sensitive information and causing excessive memory consumption. Left unaddressed, this poses a significant security risk, so users and administrators should implement the necessary security measures and apply updates as soon as they are available. For detailed guidance on mitigating this issue, refer to IBM's security advisory.
Affected Version(s)
Maximo Asset Management 7.6.1.3