CVE-2025-14684

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7267481	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:maximo_application_suite::::::::
	cpe:2.3:a:ibm:maximo_application_suite::::::::
	cpe:2.3:a:ibm:maximo_application_suite::::::::
	cpe:2.3:a:ibm:maximo_application_suite::::::::

History

31 Mar 2026, 20:20

Type	Values Removed	Values Added
Summary		(es) IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11 y 8.10 podría permitir a un usuario no autorizado inyectar datos en los mensajes de registro debido a una neutralización inadecuada de elementos especiales al escribirse en los archivos de registro.
CPE		cpe:2.3:a:ibm:maximo_application_suite::::::::
First Time		Ibm Ibm maximo Application Suite
References	~~() https://www.ibm.com/support/pages/node/7267481 -~~	() https://www.ibm.com/support/pages/node/7267481 - Vendor Advisory

25 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 22:16

Updated : 2026-03-31 20:20

NVD link : CVE-2025-14684

Mitre link : CVE-2025-14684

CVE.ORG link : CVE-2025-14684

JSON object : View

Products Affected

ibm

maximo_application_suite

CWE

CWE-117

Improper Output Neutralization for Logs

{"id": "CVE-2025-14684", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2026-03-25T22:16:18.660", "references": [{"url": "https://www.ibm.com/support/pages/node/7267481", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-117"}]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files."}, {"lang": "es", "value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11 y 8.10 podr\u00eda permitir a un usuario no autorizado inyectar datos en los mensajes de registro debido a una neutralizaci\u00f3n inadecuada de elementos especiales al escribirse en los archivos de registro."}], "lastModified": "2026-03-31T20:20:07.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202DA614-9FA9-49BB-A847-97ACE508822E", "versionEndExcluding": "8.10.26", "versionStartIncluding": "8.10"}, {"criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2118EDE1-491F-4697-BD79-4261F62FE712", "versionEndExcluding": "8.11.24", "versionStartIncluding": "8.11"}, {"criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96448D2A-6208-4B95-B43C-08DF6746FC3F", "versionEndExcluding": "9.0.16", "versionStartIncluding": "9.0"}, {"criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BCEFF22-070F-47FA-9C14-CCDA3B6AE38A", "versionEndExcluding": "9.1.6", "versionStartIncluding": "9.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}