Weaker Cryptographic Algorithms in Maximo Suite Could Lead to Sensitive Information Decryption
CVE-2024-37068

7.5HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
7 September 2024

Summary

The IBM Maximo Application Suite - Manage Component versions 8.10, 8.11, and 9.0 have been found to utilize cryptographic algorithms that are weaker than expected. This vulnerability may enable malicious actors to perform man-in-the-middle attacks, potentially allowing them to decrypt highly sensitive information. Organizations using these affected versions are urged to assess their security measures and consider patching or upgrading to secure their data effectively. Ensuring robust encryption standards is essential to mitigate risks associated with potential data exposure.

Affected Version(s)

Maximo Application Suite 8.10, 8.11, 9.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.