IBM Maximo Application Suite Sensitive Cookie Vulnerability Due to Missing Secure Attribute

Vulnerability

A vulnerability exists in IBM Maximo Application Suite versions 9.1, 9.0, 8.11, and 8.10, where authorization tokens and session cookies are not set with the Secure attribute. Without that attribute, the browser also attaches these cookies to requests made over unencrypted HTTP. An attacker can send a user a non-secure (http://) link, or embed one in a site the user visits; the cookies are then transmitted in cleartext over that connection, and the attacker can capture their values by monitoring the traffic.

Impact

Exploitation of this vulnerability allows for the interception of session cookies, which could be used to hijack user sessions.

Remediation

Users can upgrade to IBM Maximo Application Suite versions 9.1.8, 9.0.19, 8.11.30, or 8.10.33 to address this vulnerability.
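
To confirm after the upgrade that the cookies a deployment returns carry the Secure attribute, the Set-Cookie response headers can be checked as below. This is an added example, not IBM code; the cookie names and header values are constructed samples, and the function names are hypothetical.

```python
# Constructed sample Set-Cookie header values. The cookie names are
# hypothetical and are not taken from IBM Maximo Application Suite.
SAMPLE_HEADERS = [
    "session-id=abc123; Path=/; HttpOnly",                     # no Secure
    "auth-token=eyJhbGci; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=theme=secure; Path=/",      # "secure" is only part of the value
    "x-token=zzz; path=/; SECURE",     # attribute names are case-insensitive
    "legacy=1; Secure=false",          # browsers still treat this as Secure
]


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names).

    Follows the RFC 6265 section 5.2 parsing rules: the first ';' ends the
    name=value pair, and an attribute's name is whatever precedes its
    first '=' (so any value given to Secure is ignored).
    """
    pair, _, rest = header.partition(";")
    name = pair.partition("=")[0].strip()
    attrs = set()
    for attribute in rest.split(";"):
        attr_name = attribute.partition("=")[0].strip().lower()
        if attr_name:
            attrs.add(attr_name)
    return name, attrs


def cookies_missing_secure(headers):
    """Names of cookies whose Set-Cookie header lacks the Secure attribute."""
    missing = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name and "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie without Secure attribute: {cookie}")
```

For a live check, pass in the Set-Cookie values collected from the login and API responses of the instance being verified.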

Added: Apr 1, 2026, 9:24 PM
Updated: Apr 1, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 3.3
exploitability: 5.8
remediation: 7.7
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.