PT-2026-29623 · IBM · IBM Maximo Application Suite
Zane Parker · Published 2026-04-01 · Updated 2026-04-02
CVE-2026-4820
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Maximo Application Suite versions 9.1, 9.0, 8.11, and 8.10
Description
The IBM Maximo Application Suite does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending a user a link using the http:// protocol or by planting such a link on a site the user visits. The cookie will be sent to the insecure link, allowing the attacker to capture the cookie value by monitoring network traffic.
Recommendations
Update IBM Maximo Application Suite to a version where the secure attribute is set on authorization tokens and session cookies.
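One way to confirm the attribute is present after updating, as an added example that is not IBM's or this advisory's code: a Python check that parses Set-Cookie response headers and reports every cookie a browser would still send over http://. The header values and cookie names below are constructed samples, not actual Maximo cookie names.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# SAMPLE_HEADERS is constructed test data; the cookie names are hypothetical.

SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",                   # no Secure attribute
    "auth_token=eyJhbGci==; Path=/; HttpOnly; SECURE; SameSite=Lax",
    "ui_mode=secure; Path=/",                                # value is not an attribute
    "csrf=xyz; Expires=Wed, 01 Apr 2026 10:00:00 GMT; Secure",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value; the value may itself contain '='.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are matched case-insensitively (RFC 6265, section 5.2).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookies(set_cookie_headers):
    """Return (cookie_name, finding) pairs, in input order, for cookies lacking Secure."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        # Presence of the attribute name sets the flag; any value after it is ignored.
        if "secure" not in attrs:
            findings.append((name, "missing Secure: browser will send it over http://"))
    return findings


if __name__ == "__main__":
    for cookie_name, finding in audit_cookies(SAMPLE_HEADERS):
        print(f"{cookie_name}: {finding}")
```

Feed it the Set-Cookie values captured from a login response of the updated deployment; an empty result means no cookie in that response lacks the attribute.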
Fix
Cleartext Transmission of Sensitive Information
Affected Products
IBM Maximo Application Suite