Security Bulletin: IBM Maximo Application Suite uses body-parser-1.20.2.tgz which is vulnerable to CVE-2024-45590.

Summary IBM Maximo Application Suite uses body-parser-1.20.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of servic...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-38314 DESCRIPTION: IBM Maximo Application Suite - Monitor Component could...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-31573 DESCRIPTION: XMLUnit for Java could allow an attacker to execute...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45073)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45087)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Security Bulletin: IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569

Summary IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35148 DESCRIPTION: IBM Maximo Application Suite - Monit...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses werkzeug-3.0.4-py3-none-any.whl which is vulnerable to this CVE-2024-49767 and CVE-2024-49766. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172

Summary IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-41172 DESCRIPTION: Apache CXF is vulnerable to a...

Security Bulletin: IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345

Summary IBM Maximo Application Suite IoT Component uses setuptools-68.0.0-py3-none-any.whl which is vulnerable to CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345 Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on...

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses werkzeug-3.0.3-py3-none-any.whl which is vulnerable to this CVE-2024-49766 and CVE-2024-49767. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attack...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses setuptools-68.0.0-py3-none-any.wh which is vulnerable to this CVE-2024-6345 Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590 This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of...

Security Bulletin: IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863

Summary IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863. This bulletin contains information regarding the vulnerability and its...