Maximo Application Suite Security Bulletins
IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172 –
Security bulletin: Security Bulletin: Maximo Application Suite - braces-3.0.2.tgz package is vulnerable to CVE-2024-4068 used in IBM Maximo Application Suite - Monitor Component –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite: certifi-2023.7.22-py3-none-any.whl is vulnerable to CVE-2024-39689 used in IBM Maximo Application Suite - Edge Data Collector –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector –
Security bulletin: Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-50314 used in IBM Maximo Application Suite - Monitor Component –
Security bulletin: Security Bulletin: IBM Maximo Application Suite: djangorestframework-3.15.1-py3-none-any.whl is vulnerable to CVE-2024-21520 used in IBM Maximo Application Suite - Edge Data Collector –
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector –
Maximo Asset Management Security Bulletins
IBM has released Maximo Asset Management Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45085) –
Security bulletin: Security Bulletin: Maximo Asset Management- A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45072) –
About Darlene Nerden
Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.