CVE-2025-14684
Log Injection Vulnerability in IBM Maximo Monitor Component
Publication date: 2026-03-25
Last updated on: 2026-03-31
Assigner: IBM Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | maximo_application_suite | From 8.10 (inc) to 8.10.26 (exc) |
| ibm | maximo_application_suite | From 8.11 (inc) to 8.11.24 (exc) |
| ibm | maximo_application_suite | From 9.0 (inc) to 9.0.16 (exc) |
| ibm | maximo_application_suite | From 9.1 (inc) to 9.1.6 (exc) |
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the IBM Maximo Application Suite - Monitor Component versions 9.1, 9.0, 8.11, and 8.10. It allows an unauthorized user to inject data into log messages because the application does not properly neutralize special elements when writing to log files.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an unauthorized user to inject malicious or misleading data into log files. This could compromise the integrity of log data, potentially obscuring malicious activity or causing confusion during incident investigations.