Maximo Application Suite Security Bulletins - December
IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
–Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Injection - Cross Site Scripting Rule –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to sqlparse-0.4.4-py3-none-any.whl CVE-2024-4340 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) CVE-2024-35144 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-39338 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33664 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33663 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs –
Security bulletin: Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354) –
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809 –
Maximo Asset Management Security Bulletins
IBM has released Maximo Asset Management Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45071) –
Software: Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application (CVE-2024-40094) –
Software: Security Bulletin: There is a vulnerability in plotly.js used by IBM Maximo Asset Management application (CVE-2023-46308) –
Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45086) –
Software: Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload (CVE-2024-45077) -
Software: Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload( CVE-2024-45088) –
Software: Security Bulletin: IBM Maximo Asset Management application is vulnerable to allow a remote attacker to traverse directories on the system. (CVE-2024-45652) –
Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45087) –
About Darlene Nerden
Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.