Stored Cross-Site Scripting Vulnerability in IBM Maximo Asset Management
CVE-2025-2986

5.5MEDIUM

Key Information:

Vendor

IBM
Status
Maximo Asset Management
Vendor
CVE Published:
25 April 2025

What is CVE-2025-2986?

IBM Maximo Asset Management 7.6.1.3 contains a vulnerability that allows a privileged user to inject arbitrary JavaScript code into the Web UI. This stored cross-site scripting flaw can compromise the functionality of the application and may lead to sensitive credential exposure within a user’s trusted session, posing significant security risks.

Affected Version(s)

Maximo Asset Management 7.6.1.3

References

https://www.ibm.com/support/pages/node/7231785
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.