SB2025053072 - IBM Maximo Application Suite - Predict Component update for Flask



SB2025053072 - IBM Maximo Application Suite - Predict Component update for Flask

Published: May 30, 2025

Security Bulletin ID SB2025053072
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Cryptographic issues (CVE-ID: CVE-2025-47278)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to the way fallback key configuration was handled. The application used the last fallback key for signing, rather than the current signing key, which could potentially lead to data tampering.


Remediation

Install update from vendor's website.