Security Bulletin: VMware Tanzu Spring for Apache Kafka is vulnerable to CVE-2023-34040 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring for Apache Kafka which is vulnerable to CVE-2023-34040. Vulnerability Details CVEID:CVE-2023-34040 DESCRIPTION: VMware Tanzu Spring for Apache Kafka could allow a local authenticated attacker to execute arbitrary co...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2023-34034 DESCRIPTION: VMware Tanzu Spring Securi...
Security Bulletin: semver-6.3.0.tgz is vulnerable to CVE-2022-25883 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses semver which is vulnerable to CVE-2022-25883. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the new...
Security Bulletin: The Bouncy Castle Crypto Package For Java is vulnerable to CVE-2023-33201 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses the Bouncy Castle Crypto Package For Java which is vulnerable to CVE-2023-33201. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitiv...
Security Bulletin: Snappy-java is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses snappy-java which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...
Security Bulletin: Google Guava is vulnerable to CVE-2023-2976 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Google Guava which is vulnerable to CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's defau...
Security Bulletin: Python-requests is vulnerable to CVE-2023-32681 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses python-requests which is vulnerable to CVE-2023-32681. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization...
Security Bulletin: VMware Tanzu Spring Boot is vulnerable to CVE-2023-20883 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Boot which is vulnerable to CVE-2023-20883. Vulnerability Details CVEID:CVE-2023-20883 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when Spring MVC is used together wi...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 and CVE-2023-20862 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2022-31692 and CVE-2023-20862. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions,...
Security Bulletin: Netty is vulnerable to CVE-2023-34462 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Netty which is vulnerable to CVE-2023-34462. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20861 and CVE-2023-20863 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20861 and CVE-2023-20863. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...
Security Bulletin: Netty is vulnerable to CVE-2022-41915 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Netty which is vulnerable to CVE-2022-41915. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of value...
Security Bulletin: Apache Kafka is vulnerable to CVE-2022-34917 and CVE-2023-25194 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Kafka which is vulnerable to CVE-2022-34917 and CVE-2023-25194. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a...
Security Bulletin: Netplex json-smart-v2 is vulnerable to CVE-2023-1370 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Netplex json-smart-v2 which is vulnerable to CVE-2023-1370. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...
Security Bulletin: Apache Commons Codec is vulnerable to PRISMA-2021-0055 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons Codec which is vulnerable to PRISMA-2021-0055. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validati...
Security Bulletin: Flask is vulnerable to CVE-2023-30861 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Flask which is vulnerable to CVE-2023-30861. Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a...
Security Bulletin: Xml2js is vulnerable to CVE-2023-0842 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Xml2js which is vulnerable to CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a...
Security Bulletin: Apache Commons FileUpload and Tomcat are vulnerable to CVE-2023-24998 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons FileUpload and Tomcat which are vulnerable to CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the...
Security Bulletin: SnakeYaml is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses SnakeYaml which is vulnerable to several security CVEs. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: Cisco node-jose is vulnerable to CVE-2023-25653 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Cisco node-jose which is vulnerable to CVE-2023-25653. Vulnerability Details CVEID:CVE-2023-25653 DESCRIPTION: Cisco node-jose is vulnerable to a denial of service, caused by improper calculations in ECC implementation. By sending a...