Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804.
Summary IBM Maximo Application Suite uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804 and CVE-2023-45803
Summary IBM Maximo Application Suite - IoT Component uses urllib3-1.26.14-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804 and CVE-2023-45803. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3...
Security Bulletin: There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43642)
Summary There is a vulnerability in snappy-java-1.1.10.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By...
Security Bulletin: There is a vulnerability in jetty-http-9.4.51.v20230217.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-40167 and CVE-2023-36478)
Summary There is a vulnerability in jetty-http-9.4.51.v20230217.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header...
Security Bulletin: There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (IBM X-Force ID: 256137)
Summary There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...
Security Bulletin: IBM Maximo Application Suite uses Remote Integer Buffer Overflow Vulnerability which is vulnerable to CVE-2017-7529
Summary IBM Maximo Application Suite uses Remote Integer Buffer Overflow Vulnerability which is vulnerable to CVE-2017-7529. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2017-7529 DESCRIPTION: Nginx could allow a remote attacker t...
Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-44730 and CVE-2022-44729)
Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a...
Security Bulletin: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-47718)
Summary There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-47718 DESCRIPTION: IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious...
Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)
Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to Blind Server-Side Request Forgery (CVE-2023-32337)
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to Blind Server-Side Request Forgery CVE-2023-32337 Vulnerability Details CVEID:CVE-2023-32337 DESCRIPTION: IBM Maximo Spatial Asset Management is vulnerable to server-side request forgery SSRF. This may allow an...
Security Bulletin: IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857
Summary IBM Maximo Application Suite uses axios-0.25.0.tgz which is vulnerable to CVE-2023-45857. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. [CVE-2023-39017]
Summary IBM Maximo Application Suite - IoT Component uses quartz-jobs-2.3.2.jar which is vulnerable. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: Quartz Job Scheduler could allow a remote attacker to execut...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses Pygments-2.14.0-py3-none-any.whl which is vulnerable to CVE-2022-40896
Summary IBM Maximo Application Suite - IoT Component uses Pygments-2.14.0-py3-none-any.whl which is vulnerable to CVE-2022-40896. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2022-40896 DESCRIPTION: Pygments is vulnerable to a...
Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804
Summary IBM Maximo Application Suite uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-43804. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated...
Security Bulletin: IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635
Summary IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by...
Security Bulletin: IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920
Summary IBM Maximo Application Suite uses certifi-2022.12.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tug...
Security Bulletin: IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010_x86_64.whl which is vulnerable to CVE-2023-41419
Summary IBM Maximo Application Suite uses gevent-21.1.2-cp37-cp37m-manylinux2010_x86_64.whl which is vulnerable to CVE-2023-41419. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to...
Security Bulletin: Apache Commons Compress component is vulnerable to CVE-2023-42503 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Apache Commons Compress package which is vulnerable to CVE-2023-42503. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to ope...
Security Bulletin: Gevent, used in IBM Maximo Application Suite - Monitor Component, is vulnerable to CVE-2023-41419 which allows remote attackers to escalate privileges.
Summary IBM Maximo Application Suite - Monitor Component uses gevent, which is vulnerable to CVE-2023-41419. An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. This bulletin identifies the steps to take to...
Security Bulletin: Netty is vulnerable to CVE-2023-4586 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses netty which is vulnerable to CVE-2023-4586. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4586 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by th...