Lucene search

IBMDD851872C3050C27E9D6C2948143CC0B5C192B1D863FD7EA1E994706C78701AF

HistoryJul 18, 2024 - 1:38 p.m.

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-37532)

2024-07-1813:38:42

www.ibm.com

ibm maximo asset management

ibm websphere application server

security vulnerability

software

ibm

cve-2024-37532

ibm websphere application server 9.0

ibm websphere application server 8.5.5 full profile

maximo asset management 7.6.1.2

maximo asset management 7.6.1.3

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

Summary

IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera and SmartCloud Control Desk. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Maximo Asset Management core product versions affected:

Affected Product(s)	Version(s)	Affected Supporting Product and Version

Maximo Asset Management

7.6.1.2

7.6.1.3

IBM WebSphere Application Server 9.0
IBM WebSphere Application Server 8.5.5 Full Profile

To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Platform Matrix for a list of supported product combinations.

Remediation/Fixes

<https://www.ibm.com/support/pages/node/7158031>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcontrol_deskMatch7.6.1.1

ibmcontrol_deskMatch7.6.1

ibmmaximo_for_oil_and_gasMatch7.6.1

ibmmaximo_for_life_sciencesMatch7.6

ibmmaximo_for_transportationMatch7.6.2.5

ibmmaximo_for_transportationMatch7.6.2.4

ibmmaximo_for_transportationMatch7.6.2.3

ibmmaximo_asset_configuration_managerMatch7.6.7.1

ibmmaximo_asset_configuration_managerMatch7.6.7

ibmmaximo_asset_configuration_managerMatch7.6.6

ibmmaximo_for_service_providersMatch7.6.3.3

ibmmaximo_for_service_providersMatch7.6.3.2

ibmmaximo_for_service_providersMatch7.6.3.1

ibmmaximo_spatial_asset_managementMatch7.6.0.5

ibmmaximo_spatial_asset_managementMatch7.6.0.4

ibmmaximo_spatial_asset_managementMatch7.6.0.3

ibmmaximo_spatial_asset_managementMatch7.6.0.2

ibmmaximo_asset_managementMatch7.6.1

ibmmaximo_for_utilitiesMatch7.6.0.2

ibmmaximo_for_utilitiesMatch7.6.0.1

ibmmaximo_for_nuclear_powerMatch7.6.1

ibmmaximo_for_aviationMatch7.6.8

ibmmaximo_for_aviationMatch7.6.7

ibmmaximo_for_aviationMatch7.6.6

VendorProductVersionCPE
ibmcontrol_desk7.6.1.1cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*
ibmcontrol_desk7.6.1cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*
ibmmaximo_for_oil_and_gas7.6.1cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*
ibmmaximo_for_life_sciences7.6cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*
ibmmaximo_for_transportation7.6.2.5cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*
ibmmaximo_for_transportation7.6.2.4cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*
ibmmaximo_for_transportation7.6.2.3cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*
ibmmaximo_asset_configuration_manager7.6.7.1cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*
ibmmaximo_asset_configuration_manager7.6.7cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*
ibmmaximo_asset_configuration_manager7.6.6cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	control_desk	7.6.1.1	cpe:2.3:a:ibm:control_desk:7.6.1.1:::::::*
ibm	control_desk	7.6.1	cpe:2.3:a:ibm:control_desk:7.6.1:::::::*
ibm	maximo_for_oil_and_gas	7.6.1	cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:::::::*
ibm	maximo_for_life_sciences	7.6	cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:::::::*
ibm	maximo_for_transportation	7.6.2.5	cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:::::::*
ibm	maximo_for_transportation	7.6.2.4	cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:::::::*
ibm	maximo_for_transportation	7.6.2.3	cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:::::::*
ibm	maximo_asset_configuration_manager	7.6.7.1	cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:::::::*
ibm	maximo_asset_configuration_manager	7.6.7	cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:::::::*
ibm	maximo_asset_configuration_manager	7.6.6	cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:::::::*

Rows per page:

1-10 of 241

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

Related for DD851872C3050C27E9D6C2948143CC0B5C192B1D863FD7EA1E994706C78701AF