Session Cookie Vulnerability in IBM Maximo Application Suite
CVE-2026-4820

4.3MEDIUM

Key Information:

Vendor

IBM

Vendor
CVE Published:
1 April 2026

What is CVE-2026-4820?

IBM Maximo Application Suite versions 9.1, 9.0, 8.11, and 8.10 lack the secure attribute on authorization tokens and session cookies. This flaw can be exploited by attackers who trick users into clicking on a malicious link that leads to an insecure HTTP connection. Consequently, cookies containing sensitive session information may be transmitted insecurely, enabling attackers to intercept cookie data through snooping. It is vital for users and administrators to ensure that appropriate security measures are implemented to protect against such attacks.

Affected Version(s)

Maximo Application Suite 9.1.0 <= 10.6.5.0

Maximo Application Suite 9.0

Maximo Application Suite 8.11.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.