1827 matches found
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-29371...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx_11_0_arm64.whl which is vulnerable to CVE-2026-24747
Summary IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx110arm64.whl which is vulnerable to CVE-2026-24747, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24747 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.
Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses python_multipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486
Summary IBM Maximo Application Suite - Visual Inspection component uses pythonmultipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486 This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION:...
Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199)
Summary There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin...
Security Bulletin: There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-30922)
Summary There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Deni...
Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)
Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...
CVE-2026-4820
CVE-2026-4820 affects IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10, where authorization tokens or session cookies are not marked with the Secure attribute. This can allow an unauthenticated attacker to steal cookie values by directing users to an http link and monitoring traffic, enablin...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite - IoT Component uses assertj-core-3.27.6.jar, minimatch-3.1.2.tgz, flask-3.1.2-py3-none-any.whl and werkzeug-3.1.5-py3-none-any.whl third party dependencies which is vulnerable to CVE-2026-24400, CVE-2026-26996, CVE-2026-27205 and CVE-2026-27199. This bulletin...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873
Summary IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775.
Summary IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-0775 DESCRIPTION: npm cli Incorrect Permission...
CVE-2025-14684
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...
CVE-2025-14684
CVE-2025-14684 affects IBM Maximo Application Suite - Monitor Component. Root cause: improper neutralization of special elements when written to log files, enabling log forgery. Affected versions: Monitor Component 8.10, 8.11, 9.0, 9.1. Remediation/fixes: update to Monitor Component versions 8.10...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181
Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.1 which is vulnerable to CVE-2026-23490
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.1-py3-none-any.whl which is vulnerable to CVE-2026-23490. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002.
Summary IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493.
Summary IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been...
Security Bulletin: IBM Maximo Application Suite uses os/exec 1.24.3; 1.24.4, ansible-9.4.0, github.com/eclipse/paho.mqtt.golang v1.3.5 and archive/tar 1.24.2; 1.24.4 which is vulnerable to CVE-2025-47906,CVE-2025-14010,CVE-2025-10543 and CVE-2025-58183
Summary IBM Maximo Application Suite uses os/exec 1.24.3; 1.24.4, ansible-9.4.0, github.com/eclipse/paho.mqtt.golang v1.3.5 and archive/tar 1.24.2; 1.24.4 which is vulnerable to CVE-2025-47906,CVE-2025-14010,CVE-2025-10543 and CVE-2025-58183. This bulletin contains information regarding the...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses eslint-9.17.0 in map-application which is vulnerable to CVE-2025-50537
Summary IBM Maximo Application Suite - Manage Component uses eslint-9.17.0 in map-application which is vulnerable to CVE-2025-50537. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-50537 DESCRIPTION: Stack overflow vulnerability...
Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860.
Summary IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This Bulletine contains information about vulnerability and it's remediation. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...