PT-2025-44191 · IBM · IBM Maximo Application Suite

Published 2025-10-28 · Updated 2025-11-21 · CVE-2025-36386

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Maximo Application Suite versions 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4

Description

The software contains a flaw that allows a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. Approximately 3,600 services are potentially affected worldwide. The vulnerability specifically allows unauthenticated access to Cognos Analytics through a flaw in MXCSP. The issue impacts the ability to validate user credentials, potentially granting access to sensitive data and functionality.

Recommendations

IBM Maximo Application Suite versions 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-14632
CVE-2025-36386

Affected Products

IBM Maximo Application Suite