Vulnerability of the Monitor component of the IBM Maximo Application Suite, a cloud-based artificial intelligence-driven corporate asset management platform, allowing unauthorized access to protected information

The vulnerability of the Monitor component of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, is related to insufficient protection of sensitive data in the source code. Exploiting this vulnerability could allow an attacker operating...

Vulnerability of the Monitor component of the IBM Maximo Application Suite, a cloud-based artificial intelligence-driven enterprise asset management platform. It is possible to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the Monitor component in the IBM Maximo Application Suite for corporate asset management platform exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538

Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566...

CVE-2024-22328

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 279950...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590 This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45073)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.4-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-6119

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.4-cp37-abi3-manylinux228x8664.whl CVE-2024-6119. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35148 DESCRIPTION: IBM Maximo Application Suite - Monit...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: VMware Tanzu Spring Security could allow a remote...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45087)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: Maximo Application Suite - braces-3.0.2.tgz package is vulnerable to CVE-2024-4068 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses braces-3.0.2.tgz package which is vulnerable to CVE-2024-4068. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-3660 DESCRIPTION: TensorFlow Keras could allow a remote attack...

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

Security Bulletin: IBM Maximo Application Suite uses body-parser-1.20.2.tgz which is vulnerable to CVE-2024-45590.

Summary IBM Maximo Application Suite uses body-parser-1.20.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of servic...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting,...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816

Summary Security Bulletin:IBM Maximo Application Suite - AI Broker Component component uses spring-webmvc-6.1.12.jar which is vulnerable to this CVE-2024-38816. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION:...