Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45085)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689

Summary IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi...

Security Bulletin: IBM Maximo Application Suite: certifi-2023.7.22-py3-none-any.whl is vulnerable to CVE-2024-39689 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide...

Security Bulletin: IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345

Summary IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION:...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to this CVE-2024-6119

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to this CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMwa...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...

Security Bulletin: IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863

Summary IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863. This bulletin contains information regarding the vulnerability and its...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attack...

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION...

Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-3.1.3-py3-none which is vulnerable to CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by...

Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses idna-2.8-py2.py3-none-any.whl which is vulnerable to CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encod...

Security Bulletin: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800 CVE-2024-43799 CVE-2024-6119.

Summary IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-43800, CVE-2024-43799 and CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to sqlparse-0.4.4-py3-none-any.whl CVE-2024-4340

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to sqlparse-0.4.4-py3-none-any.whl CVE-2024-4340. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: sqlparse is vulnerable to a denial of service,...

Security Bulletin: IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172

Summary IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-41172 DESCRIPTION: Apache CXF is vulnerable to a...