Security Bulletin: There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33558)

Summary There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33558 DESCRIPTION: Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will outpu...

Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)

Summary There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33929 DESCRIPTION: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples...

Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)

Summary There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33929 DESCRIPTION: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples...

Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.21.12-cp37-abi3-manylinux2014_x86_64.whl and protobuf-4.25.7-cp37-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.21.12-cp37-abi3-manylinux2014x8664.whl and protobuf-4.25.7-cp37-abi3-manylinux2014x8664.whl which is vulnerable to CVE-2025-4565.This bulletin contains information addressing the vulnerability. Vulnerabili...

Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34480 ,CVE-2026-34477, CVE-2026-34478, CVE-2026-34479)

Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.25.3-cp37-abi3-manylinux2014_x86_64.whl, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2026-0994

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.25.3-cp37-abi3-manylinux2014x8664.whl, protobuf-6.33.4-cp39-abi3-manylinux2014x8664.whl which is vulnerable to CVE-2026-0994.This...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.10.Final.jar, netty-codec-http2-4.2.9.Final.jar which is vulnerable to CVE-2026-33871

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.10.Final.jar, netty-codec-http2-4.2.9.Final.jar which is vulnerable to CVE-2026-33871.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33871...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.9.Final.jar which is vulnerable to CVE-2026-33870

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.9.Final.jar which is vulnerable to CVE-2026-33870.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz, uuid-9.0.1.tgz which is vulnerable to CVE-2026-41907

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz, uuid-9.0.1.tgz which is vulnerable to CVE-2026-41907. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION:...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2026-31958

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2026-31958. This bulletin contains information addressing the vulnerability. Vulnerability...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2026-35536

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2026-35536.This bulletin contains information addressing the vulnerability. Vulnerability...

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses kafka-clients-3.9.1.jar which is vulnerable to CVE-2026-35554

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses kafka-clients-3.9.1.jar which is vulnerable to CVE-2026-35554.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression ...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-42264 DESCRIPTION: Axios is a promise based HTTP client for...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043,...