Lucene search

IBMD8BAEB1585CE72B1A5299B92EFFFB439F553455EC3B3FD6627BDFC2D22CA8912

HistoryApr 05, 2024 - 1:47 p.m.

Security Bulletin: There is a vulnerability in Java SE used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-20918, CVE-2024-20926 and CVE-2024-20952)

2024-04-0513:47:03

www.ibm.com

ibm maximo

java se

vulnerability

manage

application suite

cve-2024-20918

cve-2024-20926

cve-2024-20952

upgrade

patch fix

release

confidentiality impact

integrity impact

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

33.6%

JSON

Summary

There is a vulnerability in Java SE used by IBM Maximo Manage application in IBM Maximo Application Suite.

Vulnerability Details

CVEID:CVE-2024-20918
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2024-20926
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279716 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2024-20952
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Maximo Application Suite - Manage Component

MAS 8.10.0 - Manage 8.6.0

IBM Maximo Application Suite - Manage Component|

MAS 8.11.0 - Manage 8.7.0

Remediation/Fixes

For IBM Maximo Manage application in IBM Maximo Application Suite:

MAS	Manage Patch Fix or Release
Upgrade to MAS 8.10.11

Upgrade to Manage 8.6.11 or latest (available from the Catalog under Update Available)

Upgrade to MAS 8.11.8|

Upgrade to Manage 8.7.6 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm maximo application suiteeq8.10
ibm maximo application suiteeq8.11

CPE	Name	Operator	Version
	ibm maximo application suite	eq	8.10
	ibm maximo application suite	eq	8.11

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

33.6%

JSON

Related for D8BAEB1585CE72B1A5299B92EFFFB439F553455EC3B3FD6627BDFC2D22CA8912