CVE-2024-35150

Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite versions 8.10.12 through 9.1.0

Description: The issue is related to the Monitor Component of the IBM Maximo Application Suite, which fails to properly handle log output. This could allow a remote attacker to inject false log entries, potentially leading to security issues. The problem is associated with the component's inability to neutralize output written to logs.

Recommendations: For versions 8.10.12, 8.11.0, 9.0.1, and 9.1.0, consider restricting access to the Monitor Component until a patch is available to prevent potential log manipulation. As a temporary workaround, consider disabling the logging functionality of the Monitor Component to minimize the risk of exploitation. Avoid using the affected versions of the IBM Maximo Application Suite until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.