Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-55163)

Summary There is a vulnerability in netty-codec-http2-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions...

Security Bulletin: There is a vulnerability in netty-codec-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58057)

Summary There is a vulnerability in netty-codec-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainabl...

Security Bulletin: There is a vulnerability in netty-codec-http-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58056)

Summary There is a vulnerability in netty-codec-http-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable...

Security Bulletin: There is a vulnerability in reactor-netty-http-1.2.1.jar (used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-22227)

Summary There is a vulnerability inreactor-netty-http-1.2.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order f...

Security Bulletin: IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871

Summary IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871. This bulletin contains information regarding the vulnerability and how it is addressed. Vulnerabili...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

Security Bulletin: IBM Maximo Application Suite uses multiple third party libraries which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses setuptools 76.1.0, urllib3-1.26.20-py2.py3-none-any.whl, cross-spawn v7.0.3, braces v3.0.2, axios-1.11.0.tgz, xmltodict-0.14.2-py2.py3-none-any.whl, WebSphere Application Server Liberty version 25.0.0.8 which is vulnerable to CVE-2025-47273, CVE-2025-5018...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081

Summary IBM Maximo Application Suite - Manage Component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. D...

CVE-2025-36386

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

EUVD-2025-36540

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

Security Bulletin: There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics

Summary There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite, when used with stand alone Cognos Analytics, where MXCSP is used for integration. A remote attacker could bypass authentication mechanisms and gain unauthorized access to Cognos Analytics...

CVE-2025-36386

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

CVE-2025-36386

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

CVE-2025-36386 There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

CVE-2025-36386

CVE-2025-36386 affects IBM Maximo Application Suite: MAS Manage component versions 9.0.0–9.0.15 and 9.1.0–9.1.4, where a flaw in MXCSP integration with Cognos Analytics allows a remote attacker to bypass authentication and gain full access. The vulnerability is linked to authentication bypass by ...

CVE-2025-36386 There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics

IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...