CVE-2026-4820 in IBM Maximo Application Suiteinfo

Zusammenfassung (Englisch)

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.

Zuständig

ibm

Reservieren

25.03.2026

Veröffentlichung

02.04.2026

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
354792	IBM Maximo Application Suite Authorization Token Information Disclosure	614	Nicht definiert	Offizieller Fix	CVE-2026-4820

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!