CVE-2024-37068

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37068
IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/292799 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7167725 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:*
History

21 Sep 2024, 10:15

Type Values Removed Values Added
Summary (en) IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. (en) IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man in the middle techniques.

13 Sep 2024, 21:04

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:*
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/292799 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/292799 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7167725 - () https://www.ibm.com/support/pages/node/7167725 - Vendor Advisory
First Time Ibm maximo Application Suite
Ibm
CVSS v2 : unknown
v3 : 5.9 		v2 : unknown
v3 : 7.5

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) IBM Maximo Application Suite - Manage Component 8.10, 8.11 y 9.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial.

07 Sep 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-07 14:15

Updated : 2024-09-21 10:15

NVD link : CVE-2024-37068

Mitre link : CVE-2024-37068

CVE.ORG link : CVE-2024-37068

JSON object : View

Products Affected

ibm

  • maximo_application_suite
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm