{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14684", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-13T20:24:32.826Z", "datePublished": "2026-03-25T21:22:44.935Z", "dateUpdated": "2026-03-25T21:22:44.935Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T21:22:44.935Z"}, "title": "IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Maximo Application Suite - Monitor Component", "versions": [{"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.0"}, {"status": "affected", "version": "8.11"}, {"status": "affected", "version": "8.10"}], "cpes": ["cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10.0:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267481", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Remediated Product(s)Version(s)IBM Maximo Application Suite - Monitor Component9.1.6\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component9.0.16\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.11.24\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.10.26\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><br></p><table><tbody><tr><td>Remediated Product(s)</td><td>Version(s)</td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>9.1.6<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>9.0.16<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>8.11.24<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>8.10.26<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files."}], "id": "CVE-2025-14684", "lastModified": "2026-03-25T22:16:18.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T22:16:18.660", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7267481"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}