CVE-2025-14684

CWE-1173 documents3 sources
Severity
3.3LOW
EPSS
0.0%
top 98.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Maximo Application SuiteIBM Maximo Application Suite - Monitor Component
Timeline
PublishedMar 25
Latest updateMar 26

Description

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

NVDibm/maximo_application_suite8.108.10.26+3

🔴Vulnerability Details

2
GHSA
GHSA-qwvc-m955-qj8v: IBM Maximo Application Suite - Monitor Component 92026-03-26
CVEList
IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .2026-03-25
CVE-2025-14684 (LOW CVSS 3.3) | IBM Maximo Application Suite - Moni | cvebase.io