June 27, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple WordPress Plugins Vulnerabilities
April 25, 2025
Microsoft’s Symlink Update Introduces New DoS Vulnerability
April 25, 2025
Multiple WordPress Plugins Vulnerabilities
April 25, 2025
Microsoft’s Symlink Update Introduces New DoS Vulnerability
April 25, 2025
Severity
Medium
Analysis Summary
CVE-2025-2986 CVSS:5.5
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-55895 CVSS:2.7
IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Impact
- Cross-site Scripting
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-2986
CVE-2024-55895
Affected Vendors
- IBM
Affected Products
- IBM InfoSphere Information Server - 11.7
- IBM Maximo Asset Management - 7.6.1.3
Remediation
Upgrade to the latest version of InfoSphere Information Server, available from the IBM Security Advisory.