Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38314 DESCRIPTION: IBM Maximo Application Suite - Monitor Component could...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45086)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weak...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33663

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to pythonjose-3.3.0-py2.py3-none-any.whl CVE-2024-33663. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345 Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-35145. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35145...

Security Bulletin: Maximo Application Suite - spring-security-config-6.3.1.jar package is vulnerable to CVE-2024-38810 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses spring-security-config-6.3.1.jar package which is vulnerable to CVE-2024-38810. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38810 DESCRIPTION: VMware Tanzu Spring...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - Ai-Broker Component component uses nltk-3.8.1-py3-none-any.whl which is vulnerable to this CVE-2024-39705

Summary Security Bulletin: IBM Maximo Application Suite - Ai-Broker Component component uses nltk-3.8.1-py3-none-any.whl which is vulnerable to this CVE-2024-39705 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute...

Security Bulletin: IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569

Summary IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by ...