{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14684", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-13T20:24:32.826Z", "datePublished": "2026-03-25T21:22:44.935Z", "dateUpdated": "2026-03-28T01:49:31.469Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T21:22:44.935Z"}, "title": "IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Maximo Application Suite - Monitor Component", "versions": [{"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.0"}, {"status": "affected", "version": "8.11"}, {"status": "affected", "version": "8.10"}], "cpes": ["cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10.0:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267481", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Remediated Product(s)Version(s)IBM Maximo Application Suite - Monitor Component9.1.6\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component9.0.16\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.11.24\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.10.26\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><br></p><table><tbody><tr><td>Remediated Product(s)</td><td>Version(s)</td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>9.1.6<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>9.0.16<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>8.11.24<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>8.10.26<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-28T01:49:07.548739Z", "id": "CVE-2025-14684", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T01:49:31.469Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14684", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-28T01:49:07.548739Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T01:49:23.106Z"}}], "cna": {"title": "IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:9.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:maximo_application_suite___monitor_component:8.10.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Maximo Application Suite - Monitor Component", "versions": [{"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.0"}, {"status": "affected", "version": "8.11"}, {"status": "affected", "version": "8.10"}]}], "solutions": [{"lang": "en", "value": "Remediated Product(s)Version(s)IBM Maximo Application Suite - Monitor Component9.1.6\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component9.0.16\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.11.24\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery IBM Maximo Application Suite - Monitor Component8.10.26\n (available from the Catalog under Update Available) https://www.ibm.com/docs/en/mas-cd/continuous-delivery", "supportingMedia": [{"type": "text/html", "value": "<p><br></p><table><tbody><tr><td>Remediated Product(s)</td><td>Version(s)</td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>9.1.6<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>9.0.16<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>8.11.24<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr><tr><td>IBM Maximo Application Suite - Monitor Component</td><td>8.10.26<br><a href=\"https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading\" rel=\"nofollow\">(available from the Catalog under Update Available)</a></td></tr></tbody></table>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267481", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-25T21:22:44.935Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14684", "state": "PUBLISHED", "dateUpdated": "2026-03-28T01:49:31.469Z", "dateReserved": "2025-12-13T20:24:32.826Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-03-25T21:22:44.935Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files."}], "id": "CVE-2025-14684", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-03-25T22:16:18.660", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7267481"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}