Weaker Cryptographic Algorithms in Maximo Suite Could Lead to Sensitive Information Decryption
CVE-2024-37068
7.5HIGH
Summary
The IBM Maximo Application Suite - Manage Component versions 8.10, 8.11, and 9.0 have been found to utilize cryptographic algorithms that are weaker than expected. This vulnerability may enable malicious actors to perform man-in-the-middle attacks, potentially allowing them to decrypt highly sensitive information. Organizations using these affected versions are urged to assess their security measures and consider patching or upgrading to secure their data effectively. Ensuring robust encryption standards is essential to mitigate risks associated with potential data exposure.
Affected Version(s)
Maximo Application Suite 8.10, 8.11, 9.0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved