Weaker Cryptographic Algorithms in Maximo Suite Could Lead to Sensitive Information Decryption

CVE-2024-37068

7.5HIGH

Key Information

Vendor: IBM
Status: Maximo Application Suite
Vendor: CVE Published:; 7 September 2024

Summary

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

Affected Version(s)

Maximo Application Suite = 8.10, 8.11, 9.0

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 5.9 - (MEDIUM)
Sep 21, 2024
Risk change from: 7.5 to: 5.9 - (MEDIUM)
Sep 21, 2024
Vulnerability published.
Sep 7, 2024
Vulnerability Reserved.
Jun 2, 2024

Collectors

NVD DatabaseMitre Database

.