Changeflow GovPing Data Privacy & Cybersecurity IBM Maximo Asset Management DoS Vulnerability -...
Priority review Notice Added Final

IBM Maximo Asset Management DoS Vulnerability - CVSS 5.3

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published
Detected
Email

Summary

CERT-Bund published security advisory WID-SEC-2026-0965 disclosing a Denial of Service vulnerability in IBM Maximo Asset Management versions prior to 7.6.1.3 IF037. The vulnerability carries a CVSS Base Score of 5.3 (medium) and a Temporal Score of 4.6. Remote anonymous attackers can exploit this flaw to conduct DoS attacks against affected installations running on Linux, UNIX, or Windows systems.

View original document View source feed page

What changed

CERT-Bund released advisory WID-SEC-2026-0965 alerting organizations to a DoS vulnerability in IBM Maximo Asset Management. The flaw allows remote anonymous attackers to conduct denial of service attacks without requiring authentication or user interaction. Affected systems span Linux, UNIX, and Windows environments. IBM has released patch version 7.6.1.3 IF037 as remediation.

Organizations operating IBM Maximo Asset Management should treat this as a priority security update. While the CVSS score indicates medium severity, the low attack complexity and potential for remote exploitation without credentials warrants immediate patching. Enterprises in manufacturing, logistics, energy, and critical infrastructure sectors that rely on Maximo for asset and supply chain management face operational disruption risk from successful DoS attacks. CERT-Bund recommends applying the security update and implementing network-level access restrictions as mitigation measures.

What to do next

  1. Identify all IBM Maximo Asset Management installations running versions below 7.6.1.3 IF037
  2. Apply available security patches or implement recommended mitigations immediately
  3. Restrict network access to Maximo interfaces and monitor for exploitation attempts

Archived snapshot

Apr 8, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-0965] IBM Maximo Asset Management: Schwachstelle ermöglicht Denial of Service CVSS Base Score 5.3 (mittel) CVSS Temporal Score 4.6 (mittel) Remoteangriff ja Datum 06.04.2026 Stand 07.04.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Linux
  • UNIX
  • Windows

Produktbeschreibung

Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.

Produkte

06.04.2026
- IBM Maximo Asset Management <7.6.1.3 IF037

Angriff

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Maximo Asset Management ausnutzen, um einen Denial of Service Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for wid.cert-bund.de Linux Kernel Denial of Service Vulnerability - CVSS 4.0 Medium
Priority review Apr 09, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de MediaWiki Extensions XSS Vulnerability, CVSS 8.3
Priority review Apr 11, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de OpenCTI Remote Code Execution Vulnerability - CVSS 9.1 Critical
Urgent Apr 09, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-Bund Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CB.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CB
Published
April 6th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0965

Who this affects

Applies to
Technology companies Manufacturers
Industry sector
5112 Software & Technology
Activity scope
Security patching Vulnerability remediation
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Information Security Software & Technology

Browse Categories

Agriculture & Food Safety 64 AI Regulation 3 Banking & Finance 291 Consumer Protection 44 Courts & Legal 362 Data Privacy & Cybersecurity 74 Defense & National Security 51 Education 19 Energy 101 Environment 86 Environmental Regulation 8 Financial Regulation 2 Government & Legislation 280 Healthcare 136 Housing 16 Immigration 8 Insurance 58 Labor & Employment 113 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 136 Transportation 57

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!