Vulnerability of the Monitor component of the IBM Maximo Application Suite, a cloud-based artificial intelligence-driven enterprise asset management platform. It is possible to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the Monitor component in the IBM Maximo Application Suite for corporate asset management platform exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

The vulnerability of the Monitor component of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, allows a perpetrator to disclose protected information.

The vulnerability of the Monitor component of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, is related to improper processing of output data from registration logs. Exploiting this vulnerability can allow an attacker to disclose...

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538

Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566...

CVE-2024-22328

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 279950...

Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45085)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp i...

Security Bulletin: Maximo Asset Management- A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45072)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused ...

Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45071)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) CVE-2024-35144

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found Low CVE-2024-35144. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35144 DESCRIPTION: IBM Maximo...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45086)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weak...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33663

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to pythonjose-3.3.0-py2.py3-none-any.whl CVE-2024-33663. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote...

Security Bulletin: IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689

Summary IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to this CVE-2024-6119

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to this CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION:...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses jsonpath-plus-9.0.0.tgz which is vulnerable to this CVE-2024-21534. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions o...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-webflux-6.1.13.jar which is vulnerable to this CVE-2024-38819. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION...