IBM Maximo Application Suite Monitor Component Log Forging Vulnerability

A log forging vulnerability has been identified in the IBM Maximo Application Suite - Monitor Component, affecting versions 9.1, 9.0, 8.11, and 8.10. This vulnerability could allow an unauthorized user to inject data into log messages. The issue arises from improper neutralization of special elements before they are written to log files.

Impact

Exploitation of this vulnerability could lead to log forging, where an attacker can manipulate log files to include false information or remove important entries. This could potentially be used to obscure malicious activity or create misleading records.

Remediation

Users can upgrade to IBM Maximo Application Suite - Monitor Component versions 9.1.6, 9.0.16, 8.11.24, or 8.10.26. These versions are available from the IBM Maximo Application Suite Catalog under 'Update Available'.