Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty . This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component may be vulnerable to PyTorch arbitrary code execution of Python code through the use of torch. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48063...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file. This bulletin contains information regarding the...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-47874

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47874 starlette-0.27.0-py3-none-any.whl Publicly disclosed vulnerability found by Mend CVE-2024-47874. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-12798

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-12798 logback-classic-1.5.12.jar Publicly disclosed vulnerability found by Mend CVE-2024-12798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52798 path-to-regexp-0.1.10.tgz (Publicly disclosed vulnerability found by Mend) CVE-2024-52798

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52798 path-to-regexp-0.1.10.tgz Publicly disclosed vulnerability found by Mend CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-53981 python_multipart-0.0.17-py3-none-any.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-53981

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-53981 pythonmultipart-0.0.17-py3-none-any.whl Publicly disclosed vulnerability found by Mend CVE-2024-53981. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

Security Bulletin: IBM Maximo Application Suite - Ai-Broker Component component uses nltk-3.8.1-py3-none-any.whl which is vulnerable to this CVE-2024-39705

Summary Security Bulletin: IBM Maximo Application Suite - Ai-Broker Component component uses nltk-3.8.1-py3-none-any.whl which is vulnerable to this CVE-2024-39705 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMwa...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 (Medium) detected in netty-common-4.1.114.Final.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-47535

Summary ISecurity Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 Medium detected in netty-common-4.1.114.Final.jar Publicly disclosed vulnerability found by Mend CVE-2024-47535. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52303

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl Publicly disclosed vulnerability found by Mend CVE-2024-52303. This bulletin contains information regarding the vulnerability and its...

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx_10_9_universal2.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52304

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx109universal2.whl Publicly disclosed vulnerability found by Mend CVE-2024-52304. This bulletin contains information regarding the vulnerability and its fixture...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component includes urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891

Summary IBM Maximo Application Suite - AI Broker Componen includes urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could...

Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit

RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...

Apache RocketMQ update config RCE

RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...