Security Bulletin: Maximo Asset Management- A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45072)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33664

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to pythonjose-3.3.0-py2.py3-none-any.whl CVE-2024-33664. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) CVE-2024-35144

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found Low CVE-2024-35144. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35144 DESCRIPTION: IBM Maximo...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a...

Security Bulletin: IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168

Summary IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: gRPC on Node.js is vulnerable to a denial of service, caused ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-31573 DESCRIPTION: XMLUnit for Java could allow an attacker to execute...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denia...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569 Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in th...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345 Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.11.jar CVE-2024-38819

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.11.jar CVE-2024-38819. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874 Vulnerability Details CVEID:CVE-2024-47874 DESCRIPTION: Starlette is an Asynchronous Server Gateway Interface ASGI...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused ...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafte...

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application (CVE-2024-40094)

Summary There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application CVE-2024-40094 Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, Flask_Cors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171

Summary Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, FlaskCors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171 Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-t...

Security Bulletin: IBM Maximo Application Suite: djangorestframework-3.15.1-py3-none-any.whl is vulnerable to CVE-2024-21520 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses djangorestframework-3.15.1-py3-none-any.whl which is vulnerable to CVE-2024-21520 Vulnerability Details CVEID:CVE-2024-21520 DESCRIPTION: Encode Django REST framework is vulnerable to cross-site scripting, caused by improper validati...

Security Bulletin: There is a vulnerability in graphql-java-20.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-40094)

Summary There is a vulnerability in graphql-java-20.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

Security Bulletin: IBM Maximo Application Suite - IoT Compoenet uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569

Summary IBM Maximo Application Suite - IoT Component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated...

Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45071)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...