Main Blog

Installing an offline OpenShift Cluster and Mirroring the required Image Registries. Part 1 of 3, preparation and initial installation

Julio Perera — Thu, 04 Jun 2026 11:27:00 GMT

We are continuing our series of Blog Entries to cover some MAS deployment scenarios either left out or not appropriately covered on the IBM Ansible scripts. We are going to also discuss considerations and tips and hints around these deployments. This time we are installing an offline OpenShift Cluster and Mirroring the required Image Registries. This is Part 1 of 3, to cover preparation and initial installation.

We wanted to have comprehensive step by step documentation on how to configure an offline or air-gapped OpenShift Cluster, or a cluster in an environment that is not permanently connected to the internet. In that regard, two situations may occur that require slightly different approaches:

Completely disconnected cluster, which requires downloading files in portable storage from an online location first, then physically move the portable storage to the offline (or air-gapped) location to set up the Image Registry with those files.
A partially disconnected cluster, for which intermittent connection to the internet may exist, in which case, having a local Image Registry with the installation and other images will be needed in case the cluster needs some image to spawn a new Pod when there is no Internet connection as it will be always available locally. This largely depends on the imagePullPolicy configured for the Pods which makes sense to be always set to “IfNotPresent”, but even with that; in case the Pod is scheduled in a Node where it has not been scheduled in the immediate past then it will require an Image Pull in order to run successfully and therefore avoid outages due to the lack of Internet connectivity.

We also want to test and state any required steps to update the catalogs and upgrade both the OpenShift Cluster and the MAS instances plus dependencies by periodically uploading/downloading new images to the separate Image Registry.

Pre-requisites

First, we need to ensure we have a separate workstation with internet access to use as the Image Registry for downloading the content of the Container Images from the primary repositories on the Internet. This may be the same Bastion Host in permanent installations that have intermittent Internet connectivity (case b) above) or some other workstation that will serve as a gathering point for downloading the initial package contents and any future updates later on (so it is not recommended to decommission it but it can be left turned off when it is not needed). Also, the right amount of storage will be needed for Images for both the RedHat OpenShift installation and the Maximo Application Suite images and dependencies. While size of images

In our setup, we set up a new Rocky Linux workstation with 4 vCPUs and 6GB of RAM and 1TB of primary disk space. The primary (OS/root fs) disk is going to serve as both the Operating System disk and as the Image Storage disk. The idea is to re-use this same VM both for the Staging VM where the images are downloaded to the secondary disk AND the final internal Image Registry where the packages will be loaded from a portable USB disk that was filled from the Staging VM. We are going to make it so those could be two separate VMs as needed and in our case, an external USB disk with the images will need to be moved from the Connected Image Registry workstation to the final Disconnected Image Registry workstation which will not happen in our case in order not to have to setup two separate VMs and be more efficient resource wise.

In that regard, we will have two separate disk and mount points:

The primary local disk will contain the OS and the container images that the Image Registry uses. We tried to store the Image Registry images in a separate disk but that ended up more complex and less efficient than just having a single root/OS disk of a bigger size to hold all images.
An already formatted and ready to use USB portable disk that will contain the portable container images that we will use to move from the Staging VM (Internet connected) to the final Image Registry VM (which doesn’t have Internet connection). We will mount on /mnt/images/transfer. Avoid using NTFS or exFAT for the filesystem, ext4 or XFS can be used as desired.

Installing the first VM with Internet access to download the images

To do so, we created a new VM with the intended size (4 vCPUs, 6GB of RAM and 40 + 1024 GB of disk) and named it “dcr.local02.mas.interloc.cloud” with IP address 192.168.8.122. In our case, DCR meaning “Disconnected Container Registry” which is a little misnomer as the VM will be connected to the Internet, but we are going to ensure the SNO RH OCP Cluster in the same will not have Internet access instead, more on that later.

We used the following configuration (the MAC Address was generated online randomly but using a custom reserved prefix that will never collision with any manufacturer assigned prefix). We also made sure the IP Address and MAC Address were defined in a DHCP reservation in our network and added an “A” DNS record in CloudFlare to map the name to the IP address.

Hostname: dcr.local02.mas.interloc.cloud

MAC address: 02:2c:29:4d:7d:f3

IP address: 192.168.8.133

We installed it using the latest “Rocky-10.1-x86_64-dvd1.iso” file and followed the steps as per below. In both cases this file needs to be downloaded first, then mounted on the virtual (or physical) DVD drive of the workstation to be set up.

Note: To install a FIPS compliant workstation instead (which is required for a FIPS enabled OpenShift), ensure to choose “Install Rocky Linux 10.1 in FIPS mode” from the Boot Menu.

In the Welcome to Rocky Linux 10.1 step, we chose “English” > “English (United States)” as language.

In the INSTALLATION SUMMARY step, we modified only:

KDUMP: We set it as “Disabled”.
Network & Host Name: We ensured the IP address appeared as “192.168.8.133” as expected and manually set the Hostname to “dcr.local02.mas.interloc.cloud” do not forget to <Apply>.
Installation Destination: As “sda”, the only 1TB disk. Under “Storage Configuration > Custom”.
Press <Done> then under “New mount points will use the following partitioning scheme > Standard Partition” and afterwards under “Manual Partitioning > Click here to create them automatically” then remove the “/home” (sda5) partition from the list and then expand the “/” (root) (sda4) partition to the whole disk by entering a number higher than existing free space on the “Desired Capacity” field such as “2048 GiB” and selecting <Done> then <Cancel & Return to Custom Partitioning> which should display the maximum allowable size on the “Desired Capacity” field. Finally press <Done> again and <Accept Changes> to submit.
KDUMP: We set it as “Disabled”.
Network & Host Name: We ensured the IP address appeared as “192.168.8.133” as expected and manually set the Hostname to “dcr.local02.mas.interloc.cloud” do not forget to <Apply>.
- Base Environment: Server
- Additional software for Selected Environment:
  - Network Servers
  - Remote Management for Linux
  - Console Internet Tools
  - Container Management
  - Headless Management
  - System Tools
  - Software Selection:
- - ROOT ACCOUNT: Enable root account: <checked>
    - Root Password: <not-shown-here>
    - Confirm: <not-shown-here>
    - Allow root SSH login with password: <checked>
  - User Creation: No user will be created
  Notice we are going to use the “root” user for everything given this is a test setup but otherwise, creating a separate user and using “sudo” should be the right approach.
- To start the installation, we clicked on <Begin Installation>. Waited while the software installed as it did take a while.
  
  Once the system has completely installed, we can login to it via SSH with the login and password configured above (in our case, just “root”). The next step was to run “dnf -y update” to install updated packages for everything, including reboot as a new kernel was installed and “dnf remove --oldinstallonly” to remove the old kernel once the workstation has rebooted with the new one. For this step to work, as expected, this workstation needs to have Internet access at that time. Otherwise, we can skip this step and leave with the version installed from the DVD without updating.
  
  Also, the “nmstatectl” utility is required by the “openshift-install” binary but not present in the software selection made from the DVD. Therefore, we should install it using “dnf -y install nmstate”.
- After that, we formatted and created the mount point for the external USB disk of 1TB to use as the Image Registry Export/Import path to transport the files between the connected and disconnected workstations (or Image Registries). In our case, we are going to mount it into “/mnt/images/transfer” using the following commands.
  - Determine the device name (using “lsblk”). In our case “/dev/sdb”.
  - Create a partition using “fdisk /dev/sdb”. In our case “/dev/sdb1” using the whole disk. By using the “n” option and primary partition “p” then accepting all other prompts as they came. Confirm using “p”. Leave with “w”.
  - Execute “mkfs.xfs /dev/sdb1” to create the filesystem (we chose XFS instead of EXT4).
  - Execute: “mkdir -p /mnt/images/transfer” to create the mount point.
  - Mount the partition on the mount point (we are not making it a permanent mount as it is a removable drive). Using “mount /dev/sdb1 /mnt/images/transfer”.
  - Confirm with “df”. See below for what we got in our case:

/dev/sdb1 3906973696 24576 3906949120 1% /mnt/images/transfer

Given that we already installed “Container Management” we should already have “podman” available. Otherwise “dnf -y install podman” should do.

At this point is also important to check that the root filesystem has all the available space for the primary hard disk by using “df” and not the “/home” partition which should not exist. If not, either we need to reinstall from scratch (follow instructions above) or to remove the “/home” partition, resize the “/” (root) partition and filesystem then remount.

Enable it as a service by executing “systemctl enable --now podman” plus “systemctl enable --now podman-restart”.

Pre-requisites for all cases

We wanted to execute some pre-requisites that are required both for “Direct Mirroring” and for the “2-phase Mirroring”, basically to install the “oc” client and “Docker registry” images we use:

Public Facing workstation

On the public facing workstation:

export OCP_RELEASE="4.20"

mkdir -p ~/downloads

cd ~/downloads

wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-$OCP_RELEASE/openshift-client-linux.tar.gz

tar -xvzf openshift-client-linux.tar.gz

mv oc kubectl /usr/local/bin

To test, just issue “oc version”, and in our case, we got the following output:

Copy the resulting file “openshift-client-linux.tar.gz” into “/mnt/images” as well.

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export MIRROR_SINGLE_ARCH="amd64"

cd ~/downloads

mkdir -p $LOCAL_TRANSFER_DIR

cp openshift-client-linux.tar.gz $LOCAL_TRANSFER_DIR

Note: If we want to mirror all available architectures instead of just “amd64” (restricted to save on storage space), we could use “.*” instead for MIRROR_SINGLE_ARCH.

Then, the “openshift-install” binaries as well, similar process to “oc”:

export OCP_RELEASE="4.20"

mkdir -p ~/downloads

cd ~/downloads

wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-$OCP_RELEASE/openshift-install-linux.tar.gz

tar -xvzf openshift-install-linux.tar.gz

mv openshift-install /usr/local/bin

wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-$OCP_RELEASE/openshift-install-rhel9-amd64.tar.gz

tar -xvzf openshift-install-rhel9-amd64.tar.gz

mv openshift-install-fips /usr/local/bin

To test, just issue “openshift-install version”, and in our case, we got the following output:

And the same for the “openshift-install-fips version”:

Copy the resulting file “openshift-install-linux.tar.gz” and “openshift-install-rhel9-amd64.tar.gz” into “/mnt/images” as well.

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export MIRROR_SINGLE_ARCH="amd64"

cd ~/downloads

mkdir -p $LOCAL_TRANSFER_DIR

cp openshift-install-linux.tar.gz $LOCAL_TRANSFER_DIR

cp openshift-install-rhel9-amd64.tar.gz $LOCAL_TRANSFER_DIR

Next, we are going to download the “Registry” images as well to use in the disconnected environment:

mkdir -p $LOCAL_TRANSFER_DIR/registry

podman pull docker.io/library/registry:2

podman save -o $LOCAL_TRANSFER_DIR/registry/registry-2.tar docker.io/library/registry:2

Next, download the MAS CLI image as well:

oc image mirror --dir $LOCAL_TRANSFER_DIR/cli quay.io/ibmmas/cli:latest file://ibmmas/cli:latest --filter-by-os=$MIRROR_SINGLE_ARCH

This should create a folder structure inside the “/mnt/images/transfer” with the latest MAS CLI images.

After that, we are going to create a self-signed certificate for the Image Registry, to do so we used the following commands (the certificate is for 20 years):

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export REGISTRY_HOST="dcr.local02.mas.interloc.cloud"

export REGISTRY_IP="192.168.8.133"

mkdir -p $LOCAL_TRANSFER_DIR/auth

openssl req -newkey rsa:4096 -nodes -sha256 \

-keyout "$LOCAL_TRANSFER_DIR/auth/registry.key" \

-x509 -days 7300 \

-out "$LOCAL_TRANSFER_DIR/auth/registry.crt" \

-subj "/CN=$REGISTRY_HOST" \

-addext "subjectAltName=DNS:$REGISTRY_HOST,IP:$REGISTRY_IP"

And to add authentication to it, we use:

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export REGISTRY_USERNAME="registry"

export REGISTRY_PASSWORD="registry-password"

dnf -y install httpd-tools

htpasswd -Bbn "$REGISTRY_USERNAME" "$REGISTRY_PASSWORD" > "$LOCAL_TRANSFER_DIR/auth/htpasswd"

Private (disconnected) workstation

Having mounted the external hard drive on the same “/mnt/images” path, first, let’s install the “oc” client:

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export MIRROR_SINGLE_ARCH="amd64"

tar -xvzf $LOCAL_TRANSFER_DIR/openshift-client-linux.tar.gz

mv oc kubectl /usr/local/bin

Next, load the “registry:2” image into podman using:

podman load -i $LOCAL_TRANSFER_DIR/registry/registry-2.tar

Container Registry (for all cases)

First, we are going to copy the required authentication, certificate, private key, etc. from the TRANSFER location to the STORAGE location due to the TRANSFER location being a removable drive whereas the STORAGE location is in a permanent mount. To do so, we used:

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export LOCAL_STORAGE_DIR="/mnt/images/storage"

mkdir -p "${LOCAL_STORAGE_DIR}/data"

cp -r $LOCAL_TRANSFER_DIR/auth $LOCAL_STORAGE_DIR

Then, run the following command to execute the registry:

export LOCAL_STORAGE_DIR="/mnt/images/storage"

export REGISTRY_PORT="5000"

podman run -d \

-p ${REGISTRY_PORT}:5000 \

--name private-registry \

--restart always \

-v "${LOCAL_STORAGE_DIR}/data:/var/lib/registry:Z" \

-v "${LOCAL_STORAGE_DIR}/auth:/auth:Z" \

-e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/registry.crt \

-e REGISTRY_HTTP_TLS_KEY=/auth/registry.key \

-e REGISTRY_AUTH=htpasswd \

-e REGISTRY_AUTH_HTPASSWD_REALM="Private Registry" \

-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \

registry:2

Notice the above command runs a registry which we named “disconnected-registry” on TCP Port: 5000 of both the host and the container and mapping the host “/mnt/images/storage” folder to the container “/var/lib/containers” folder and using the “Z” option meaning private access to the path to avoid permission issues inside the container to “/var/lib/containers”. In this case, it will store the containers images outside of the Pod ephemeral filesystem so they will persist between reboots or other container restarts.

Next, to extract a Pull Secret from the above credentials that can be used to pull images from OpenShift, we used:

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export REGISTRY_HOST="dcr.local02.mas.interloc.cloud"

export REGISTRY_PORT="5000"

export REGISTRY_USERNAME="registry"

export REGISTRY_PASSWORD="registry-password"

podman login --tls-verify=false -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $REGISTRY_HOST:$REGISTRY_PORT --authfile $LOCAL_TRANSFER_DIR/auth/private-registry-pullsecret.json

To confirm the Pull Secret was generated correctly, we can use:

cat $LOCAL_TRANSFER_DIR/auth/private-registry-pullsecret.json

Which in our case, printed out:

{

"auths": {

"dcr.local02.mas.interloc.cloud:5000": {

"auth": "cmVnaXN0cnk6cmVnaXN0cnktcGFzc3dvcmQ="

}

Note: Additional useful commands may be (in case the mirroring fails to debug errors and clear space, etc.):

podman logs private-registry >> To see startup/current logs

podman ps >> To list containers running in the host, it will output the <container-id> that can be used later

podman exec -it <container-id> /bin/sh >> Execute a shell on the target container to issue commands inside (such as "df", etc.)

podman stop <container-id> >> To stop the target container

podman pod rm -a -f >> To clear all non-running containers

podman system prune -a --volumes >> To prune the filesystem and free space of cleared containers

Confirm connection to the registry

To confirm, from another workstation with access to the IP and port and having “podman” (or “docker”), use:

export REGISTRY_HOST="dcr.local02.mas.interloc.cloud"

export REGISTRY_PORT="5000"

export REGISTRY_USERNAME="registry"

export REGISTRY_PASSWORD="registry-password"

podman login --tls-verify=false -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $REGISTRY_HOST:$REGISTRY_PORT

The response we should expect is:

To remove the saved credentials and log off, we can use:

podman logout $REGISTRY_HOST:$REGISTRY_PORT

Restore the MAS CLI images in the Disconnected Workstation

To restore the MAS CLI images that were saved before on the Internet Connected workstation (once the registry is running there) we used the following commands:

export LOCAL_TRANSFER_DIR="/mnt/images/transfer"

export REGISTRY_HOST="dcr.local02.mas.interloc.cloud"

export REGISTRY_PORT="5000"

export REGISTRY_USERNAME="registry"

export REGISTRY_PASSWORD="registry-password"

export MIRROR_SINGLE_ARCH="amd64"

podman login --tls-verify=false $REGISTRY_HOST:$REGISTRY_PORT -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD

oc image mirror --insecure=true --dir $LOCAL_TRANSFER_DIR/cli file://ibmmas/cli:latest $REGISTRY_HOST:$REGISTRY_PORT/ibmmas/cli:latest --filter-by-os=$MIRROR_SINGLE_ARCH

The above command should restore the MAS CLI images in the local image registry. And therefore, we should be able to pull them when invoking the CLI container.

To test that it works, we could use:

podman run -ti --rm --tls-verify=false $REGISTRY_HOST:$REGISTRY_PORT/ibmmas/cli:latest

Just use “exit” to leave the container terminal and stop it.

This is just the beginning. Join us next week for Part 2 of our three-part series as we continue exploring offline OpenShift deployments and image registry management for IBM Maximo Application Suite environments.

To stay up to date on this series and future technical insights, tips, and best practices from our experts, complete the form below and subscribe to our blog mailing list.

References:

The related IBM documentation can be found under https://www.ibm.com/docs/en/masv-and-l/cd?topic=cli-in-disconnected-environments.

There are also important caveats and considerations contained in https://www.ibm.com/docs/en/masv-and-l/cd?topic=cli-prerequisites-installing.

Also, the following URLs contain some command references for the “mirror-images” and “mirror-redhat-images” commands when using the IBM MAS CLI: https://ibm-mas.github.io/cli/guides/image-mirroring/.

However, there are also related RedHat resources which are more general in nature to mirror the registries locally by using the “oc-mirror” tool for disconnected environment as discussed in https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/installing/installing-mirroring-installation-images

Maximo Application Suite Security Bulletins-May 2026-2

Darlene Nerden — Wed, 27 May 2026 13:49:18 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: There is a vulnerability in marked-14.0.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-****-*****) –

https://www.ibm.com/support/pages/node/7271576?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in jackson-core-2.15.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (WS-2026-0003) –

https://www.ibm.com/support/pages/node/7271569?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in lodash-4.17.23.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-2950) –

https://www.ibm.com/support/pages/node/7271578?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063 –

https://www.ibm.com/support/pages/node/7271600?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800 –

https://www.ibm.com/support/pages/node/7271580?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672 –

https://www.ibm.com/support/pages/node/7271603?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597 –

https://www.ibm.com/support/pages/node/7271601?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922 –

https://www.ibm.com/support/pages/node/7271602?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.6, pyasn1-0.6.2, requests-2.32.5 and cryptography-46.0.5 library which were vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7271702?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in prismjs-1.23.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2021-32723) –

https://www.ibm.com/support/pages/node/7271709?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in requests-2.32.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-25645) –

https://www.ibm.com/support/pages/node/7271712?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz which is vulnerable to CVE-2026-26996 –

https://www.ibm.com/support/pages/node/7271718?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873 –

https://www.ibm.com/support/pages/node/7271717?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2026-22701 –

https://www.ibm.com/support/pages/node/7271721?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses lodash-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800 –

https://www.ibm.com/support/pages/node/7271716?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2026-22701 –

https://www.ibm.com/support/pages/node/7271723?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses Werkzeug which is vulnerable to CVE-2026-27199 –

https://www.ibm.com/support/pages/node/7271720?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007 –

https://www.ibm.com/support/pages/node/7271719?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-4.5.3.tgz which is vulnerable to CVE-2026-25128, CVE-2026-25896 and CVE-2026-26278 –

https://www.ibm.com/support/pages/node/7271730?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses diff-8.0.2.tgz which is vulnerable to CVE-2026-24001 –

https://www.ibm.com/support/pages/node/7271734?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses black-26.1.0 which is vulnerable to CVE-2026-31900 –

https://www.ibm.com/support/pages/node/7271738?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses Lodash which is vulnerable to CVE-2025-13465 –

https://www.ibm.com/support/pages/node/7271740?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz which is vulnerable to CVE-2026-26960 –

https://www.ibm.com/support/pages/node/7271732?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718 and CVE-2026-40175 –

https://www.ibm.com/support/pages/node/7271733?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809 –

https://www.ibm.com/support/pages/node/7271736?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.2.tgz which is vulnerable to CVE-2026-24842 –

https://www.ibm.com/support/pages/node/7271742?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.12.1.tgz which is vulnerable to CVE-2026-25639 –

https://www.ibm.com/support/pages/node/7271731?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225 –

https://www.ibm.com/support/pages/node/7271735?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom which is vulnerable to CVE-2026-34601 –

https://www.ibm.com/support/pages/node/7271737?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-30922 –

https://www.ibm.com/support/pages/node/7271739?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses google.golang.org/protobuf-v1.30.0, google.golang.org/protobuf-v1.31.0 which is vulnerable to CVE-2024-24786 –

https://www.ibm.com/support/pages/node/7271746?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses Websphere Liberty v.25.0.0.12 which is vulnerable to CVE-2024-29371, CVE-2025-12635 and CVE-2025-14914 –

https://www.ibm.com/support/pages/node/7271747?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.9.tgz which is vulnerable to CVE-2026-31802 –

https://www.ibm.com/support/pages/node/7271752?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205 –

https://www.ibm.com/support/pages/node/7271753?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses github.com/jackc/pgproto3/v2-v2.3.3 which is vulnerable to CVE-2026-4427

https://www.ibm.com/support/pages/node/7271756?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896 –

https://www.ibm.com/support/pages/node/7271755?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz, tar-7.5.9.tgz which is vulnerable to CVE-2026-29786 –

https://www.ibm.com/support/pages/node/7271758?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filippo.io/edwards25519 which is vulnerable to CVE-2026-26958 –

https://www.ibm.com/support/pages/node/7271760?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz, minimatch-10.2.2.tgz which is vulnerable to CVE-2026-27903, CVE-2026-27904 –

https://www.ibm.com/support/pages/node/7271759?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.4.tgz, dompurify-3.2.6.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540 –

https://www.ibm.com/support/pages/node/7271757?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jjwt-impl-0.11.5.jar which is vulnerable to CVE-2024-31033 –

https://www.ibm.com/support/pages/node/7271761?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses axios-1.13.6.tgz which is vulnerable to CVE-2026-40175 –

https://www.ibm.com/support/pages/node/7271875?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses axios-1.13.6.tgz which is vulnerable to CVE-2025-62718 –

https://www.ibm.com/support/pages/node/7271876?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.wh which is vulnerable to CVE-2026-34073 –

https://www.ibm.com/support/pages/node/7272292?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996 –

https://www.ibm.com/support/pages/node/7272302?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904 –

https://www.ibm.com/support/pages/node/7272301?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7272303?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205 –

https://www.ibm.com/support/pages/node/7272304?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199 –

https://www.ibm.com/support/pages/node/7272307?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2026-33750 –

https://www.ibm.com/support/pages/node/7272309?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses requests-2.32.5-py3-none-any.whl which is vulnerable to CVE-2026-25645 –

https://www.ibm.com/support/pages/node/7272308?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073 –

https://www.ibm.com/support/pages/node/7272310?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses lodash-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800 –

https://www.ibm.com/support/pages/node/7272311?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Security bulletin: Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2026-40175 –

https://www.ibm.com/support/pages/node/7274001?myns=swgother&mynp=OCSSJ5IPE&mync=E&cm_sp=swgother-_-OCSSJ5IPE-_-E

Still have questions or need help. Please reach out to us here.

Interloc Solutions Heads to TRC Conference 2026 to Help Organizations Build Smarter, More Reliable Operations

marketing@interlocsolutions.com (Interloc Solutions) — Thu, 14 May 2026 12:10:16 GMT

Interloc Solutions is proud to be attending and sponsoring The Reliability Conference (TRC) 2026, taking place May 19–20 in San Francisco, California.

The TRC Conference has become one of the premier events for professionals focused on reliability, maintenance, operations, engineering, and asset management. Bringing together industry leaders, innovators, and operational teams from across multiple industries, the event creates an environment centered around operational excellence, continuous improvement, workforce innovation, and the future of reliability.

For Interloc, this event aligns directly with what we help organizations solve every day.

Across industries, organizations continue to face increasing pressure to improve reliability, modernize operations, reduce downtime, support field teams more effectively, and gain greater visibility across assets and infrastructure—all while preparing for future growth and digital transformation.

That’s where Interloc Solutions continues to stand apart.

For over 20 years, Interloc has helped organizations bridge the gap between operations, technology, field execution, and long-term asset performance. As an IBM Platinum Partner with deep expertise in enterprise asset management, cloud services, mobility, integrations, and operational modernization, Interloc works with organizations to create scalable solutions designed for how operations actually function in the real world.

What makes Interloc different is the ability to connect operational strategy with practical execution.

Organizations today need more than disconnected systems and fragmented workflows. They need operational visibility, connected field teams, and scalable infrastructure. They need technology solutions that support reliability goals instead of creating additional complexity.

At The Reliability Conference (TRC), Interloc will be showcasing how organizations are modernizing operations through:

Cloud & Managed Services

Organizations are increasingly looking for secure, scalable, and future-ready environments that reduce operational risk while supporting long-term growth. Interloc helps organizations modernize infrastructure and improve operational continuity through enterprise cloud and managed service solutions designed specifically for mission-critical operations.

Enterprise Mobility Solutions

Field teams need access to the right information at the right time—regardless of connectivity challenges or operational environments. Interloc’s mobility solutions help organizations improve field execution, streamline workflows, reduce delays, and create more connected operations between the field and the back office.

Asset Management Modernization

Modern asset management requires more than tracking assets—it requires visibility, data accuracy, operational intelligence, and scalable processes that support long-term reliability and performance goals. Interloc helps organizations modernize asset management strategies while improving operational efficiency and decision-making.

Operational Visibility & Reliability Support

Operational leaders need actionable insights that help improve reliability, performance, planning, and responsiveness across their organizations. Interloc helps organizations improve visibility across operations to support smarter decision-making and stronger operational outcomes.

Connected Field Operations

The future of reliability depends on how effectively organizations connect people, assets, systems, and operational data. Interloc helps organizations create connected operational environments that improve collaboration, responsiveness, and operational performance across teams.

As reliability and operational excellence continue to evolve, organizations need partners that understand both the technology side and the operational side of the business.

That’s why events like The Reliability Conference matter.

They create opportunities for organizations to learn from one another, explore new strategies, discuss operational challenges, and connect with partners that can help support long-term success.

Interloc Solutions looks forward to connecting with attendees throughout the event and discussing how organizations are building smarter, more reliable operations for the future.

If you’ll be attending TRC Conference 2026, stop by and connect with the Interloc team.

Let’s Talk Reliability & Operations

Maximo Application Suite Security Bulletins May 2026

Darlene Nerden — Tue, 12 May 2026 12:13:30 GMT

Maximo Application Suite Security Bulletins

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively –

https://www.ibm.com/support/pages/node/7268031?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873 –

https://www.ibm.com/support/pages/node/7268032?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7268275?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-26007) –

https://www.ibm.com/support/pages/node/7268617?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161) –

https://www.ibm.com/support/pages/node/7268612?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in lodash-4.17.21.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-13465) –

https://www.ibm.com/support/pages/node/7268616?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002) –

https://www.ibm.com/support/pages/node/7268613?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-30922) –

https://www.ibm.com/support/pages/node/7268614?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199) –

https://www.ibm.com/support/pages/node/7268615?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses python_multipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486 –

https://www.ibm.com/support/pages/node/7268619?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860 –

https://www.ibm.com/support/pages/node/7268639?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205 –

https://www.ibm.com/support/pages/node/7268663?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7268662?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-13333) –

https://www.ibm.com/support/pages/node/7269126?myns=swgother&mynp=OCSSLKT6&mynp=OCSSLL9Z&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSS5RRF&mynp=OCSSLKSJ&mynp=OCSSWT9A&mync=E&cm_sp=swgother-_-OCSSLKT6-OCSSLL9Z-OCSSLL8M-OCSSLL84-OCSSLLAM-OCSSLL9G-OCSSKVFR-OCSSG2D3-OCSS5RRF-OCSSLKSJ-OCSSWT9A-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990 –

https://www.ibm.com/support/pages/node/7269685?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses cryptography-44.0.1-cp39-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007 –

https://www.ibm.com/support/pages/node/7269686?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312 –

https://www.ibm.com/support/pages/node/7269741?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727 –

https://www.ibm.com/support/pages/node/7269742?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx_11_0_arm64.whl which is vulnerable to CVE-2026-24747 –

https://www.ibm.com/support/pages/node/7270948?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses axios-1.12.2.tgz which is vulnerable to CVE-2026-25639 –

https://www.ibm.com/support/pages/node/7271237?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645 –

https://www.ibm.com/support/pages/node/7271240?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7271239?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7271238?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318 –

https://www.ibm.com/support/pages/node/7271266?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465 –

https://www.ibm.com/support/pages/node/7271267?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz, lodash-es-4.17.22.tgz which is vulnerable to CVE-2025-13465 –

https://www.ibm.com/support/pages/node/7271268?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471 –

https://www.ibm.com/support/pages/node/7271410?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371 –

https://www.ibm.com/support/pages/node/7271269?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-28500 –

https://www.ibm.com/support/pages/node/7271262?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391 –

https://www.ibm.com/support/pages/node/7271261?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228 –

https://www.ibm.com/support/pages/node/7271263?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904 –

https://www.ibm.com/support/pages/node/7271265?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904 –

https://www.ibm.com/support/pages/node/7271264?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a remote code execution vulnerability and vulnerable to CVE-2025-14914 –

https://www.ibm.com/support/pages/node/7271257?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses socket.io-parser-4.2.4 in inspections app which is vulnerable to CVE-2026-33151 –

https://www.ibm.com/support/pages/node/7271412?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274 –

https://www.ibm.com/support/pages/node/7271260?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.12.2.tgz, axios-1.13.1.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639 –

https://www.ibm.com/support/pages/node/7271258?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by a remote code execution vulnerability (CVE-2025-14914) –

https://www.ibm.com/support/pages/node/7271245?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to this CVE-2026-30922 –

https://www.ibm.com/support/pages/node/7271419?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses requests-2.32.4-py3-none-any.whl, requests-2.32.5-py3-none-any.whl which is vulnerable to CVE-2026-25645 –

https://www.ibm.com/support/pages/node/7271420?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073 –

https://www.ibm.com/support/pages/node/7271421?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-39892 –

https://www.ibm.com/support/pages/node/7271422?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz which is vulnerable to CVE-2026-32141 –

https://www.ibm.com/support/pages/node/7271513?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.13.6.tgz which is vulnerable to CVE-2025-62718 –

https://www.ibm.com/support/pages/node/7271512?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2025-14923 –

https://www.ibm.com/support/pages/node/7271514?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses lodash-4.17.23.tgz, lodash-es-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800 –

https://www.ibm.com/support/pages/node/7271510?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672 –

https://www.ibm.com/support/pages/node/7271515?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses immutable-3.8.2.tgz, immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063 –

https://www.ibm.com/support/pages/node/7271511?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.13.6.tgz which is vulnerable to CVE-2026-40175 –

https://www.ibm.com/support/pages/node/7271518?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540 –

https://www.ibm.com/support/pages/node/7271517?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873 –

https://www.ibm.com/support/pages/node/7271519?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539 –

https://www.ibm.com/support/pages/node/7271520?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-29371) –

https://www.ibm.com/support/pages/node/7271568?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in dompurify-3.2.4.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-15599, CVE-2026-0540) –

https://www.ibm.com/support/pages/node/7271567?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by cross-site scripting used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-12635) –

https://www.ibm.com/support/pages/node/7271563?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34073) –

https://www.ibm.com/support/pages/node/7271577?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a remote code execution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14914) –

https://www.ibm.com/support/pages/node/7271564?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867) –

https://www.ibm.com/support/pages/node/7271575?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin:WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923) –

https://www.ibm.com/support/pages/node/7271570?myns=swgother&mynp=OCSSWT9A&mynp=OCSSLLAM&mynp=OCSSLL9Z&mynp=OCSSLKT6&mynp=OCSSLKSJ&mynp=OCSS5RRF&mynp=OCSSLL84&mynp=OCSSLL9G&mynp=OCSSLL8M&mynp=OCSSKVFR&mynp=OCSSG2D3&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSLLAM-OCSSLL9Z-OCSSLKT6-OCSSLKSJ-OCSS5RRF-OCSSLL84-OCSSLL9G-OCSSLL8M-OCSSKVFR-OCSSG2D3-_-E

Security bulletin: Security Bulletin: There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33671) –

https://www.ibm.com/support/pages/node/7271565?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Beyond Hosting: How Interloc Cloud Services Delivers True End-to-End Ownership

Scott Peluso — Wed, 06 May 2026 13:39:52 GMT

When organizations move enterprise asset management systems like IBM Maximo to the cloud, they’re not just looking for infrastructure. They’re looking for reliability, accountability, and a partner who understands that uptime is only the beginning.

That’s where Interloc Cloud Services stands apart.

Modular Services Built Around Your Operating Model

Interloc Cloud Services is structured around three distinct offerings: Application Hosting, Application Managed Services (AMS), and Infrastructure Managed Services (IMS). Each service can stand on its own, or they can be combined based on a client’s operational needs, internal capabilities, and desired level of Interloc involvement.

Application Hosting provides secure, reliable hosting for Maximo and related enterprise applications. Hosting may include AMS where clients want Interloc to support both the hosted environment and the application layer.

Application Managed Services (AMS) provides ongoing application support, administration, troubleshooting, configuration assistance, and operational expertise. AMS can be delivered independently for client-managed environments, included with Interloc-hosted environments, or paired with IMS where clients need both application and infrastructure support.

Infrastructure Managed Services (IMS) focuses on the management, monitoring, maintenance, and support of the underlying infrastructure. IMS may stand alone for clients who retain application ownership, or it may be bundled with AMS for a broader managed services model.

While each service stands independently, many clients choose to combine them into a fully integrated model. This flexible structure allows you to select the right level of support without being forced into a rigid, one-size-fits-all service package. Interloc provides a single point of accountability across:

Infrastructure performance and availability
Application health and optimization
Incident response and resolution
Ongoing maintenance, patching, and updates

No handoffs. No ambiguity. Just clear ownership and faster outcomes.

Flexibility Without Compromise

Enterprise environments are rarely one-size-fits-all, and your cloud shouldn’t be either.

Interloc delivers flexibility across technology components, allowing clients to align infrastructure, database platforms, and architectural choices with their operational and regulatory requirements. Whether cloud-native, hybrid, or transitioning from on-premise, our approach adapts to your environment—not the reverse.

Real Access, Real Control

Many hosting providers treat access like a guarded vault. We don’t.

Interloc provides read/write access to both production and non-production environments, giving your team the visibility and control needed for reporting, integrations, and advanced operational workflows—without unnecessary barriers.

You stay in control of your system while we ensure it runs at peak performance.

Security as a Business Imperative

Security isn’t a feature—it’s a foundation.

Interloc’s environments are governed by rigorous controls aligned to SOC 2 and ISO 27001 standards, supported by formal change management, continuous monitoring, and executive-level oversight.

The result is a secure, compliant, and resilient environment that supports both operational and regulatory demands.

Personalized Service That Actually Feels Personal

Support shouldn’t feel like déjà vu.

With Interloc’s dedicated technical contact model, you will be assigned a dedicated individual who already understand your architecture, configurations, and operational priorities.

That means:

Familiarity with your environment and business processes
Faster problem identification
Targeted resolution
No repetitive discovery cycles
A smoother, more efficient support experience

We don’t ask you to reintroduce your environment every time—you pick up where you left off.

Built for the Long Term

Interloc Cloud Services is designed for organizations that expect more than infrastructure—they expect a partner invested in performance, stability, and continuous improvement.

Because in mission-critical environments, success isn’t about where your system runs.

It’s about how well it performs—and who stands behind it.

Moving to the cloud requires more than planning—it requires a partner invested in your success. Interloc delivers the expertise, ownership, and operational rigor to take your Maximo Application Suite to the cloud—so your team can focus on driving your business forward.

Start the conversation by clicking here.

This is just the beginning of our cloud series. We’ll continue breaking down what it really takes to build, manage, and optimize high-performing environments.

Keep an eye out for what’s next.

Interloc Solutions at Northeast MUG: Celebrating 10 Years of Mobility Success with NYCHA

marketing@interlocsolutions.com (Interloc Solutions) — Wed, 29 Apr 2026 11:12:48 GMT

Interloc Solutions is proud to sponsor the Northeast Maximo User Group, a community dedicated to sharing knowledge, showcasing success stories, addressing challenges, and building the relationships that help organizations get more value from IBM Maximo.

This year’s event is especially meaningful for us because one of our valued clients, the New York City Housing Authority, will be taking the stage to share a remarkable story of long-term transformation. In their session, “10 Years Mobile, 10 Years Stronger,” NYCHA’s Alex Gelbert and Jordan Lee will explore how a bold mobility decision made in 2016 evolved into a mission-critical enterprise strategy that continues to deliver results today.

When NYCHA implemented Interloc’s Mobile Informer—an offline-first mobile solution for Maximo—it was more than a technology deployment. It marked the beginning of a large-scale shift in how the authority manages work in the field, tracks assets, and supports operational decision-making across one of the most complex public housing portfolios in the country.

That decision set in motion a transformation that now spans more than 170,000 apartments and 500,000 assets across New York City. What began as a mobile enablement initiative became a cornerstone of NYCHA’s long-term enterprise asset management strategy, helping thousands of field workers operate more efficiently and with greater confidence in the data they use every day.

A decade later, the results speak for themselves.

Today, more than 5,000 users across nine unions depend on Mobile Informer daily to manage assets and execute work in the field. NYCHA’s continued investment in this strategy was reaffirmed with a new five-year contract awarded in July 2025, a strong indicator of sustained ROI and the lasting business value of mobile-first operations. Those gains extend beyond process improvement and cost efficiency—they also support better service outcomes for NYCHA residents.

At Northeast MUG, attendees will have the opportunity to hear directly from NYCHA leaders as they walk through their original selection process, demonstrate the field applications in use today, and discuss future plans as the organization prepares to upgrade to the MAS suite in late July 2026. Their story is a compelling example of what’s possible when mobility is approached not as a short-term fix, but as a strategic foundation for resilience, accountability, and continuous improvement.

For Interloc, this moment represents exactly what strong client partnerships are meant to achieve. We are honored to support NYCHA on this journey and proud to see their success shared with the broader Maximo community. Their experience highlights the power of combining the right technology with long-term vision, organizational commitment, and a focus on measurable outcomes.

As a sponsor of Northeast MUG, Interloc is excited to be part of an event that brings together Maximo professionals to learn from one another and advance the future of asset management. We look forward to connecting with attendees and celebrating stories like NYCHA’s—stories that demonstrate how innovation in the field can create lasting impact across an organization.

If you’re attending the event, be sure to join “10 Years Mobile, 10 Years Stronger.” It’s a session that captures not only the value of mobility, but the power of sustained transformation over time. Download the case study here.

MUWG 2026 Wrap-Up: What Utilities Leaders Need to Do Next

marketing@interlocsolutions.com (Interloc Solutions) — Wed, 15 Apr 2026 13:19:58 GMT

Interloc Solutions was proud to be on-site at MUWG 2026 as a Platinum Sponsor, connecting with utilities organizations navigating increasing operational demands, aging infrastructure, and the urgency to modernize Maximo environments.

This year’s conversations were clear—utilities are being pushed to do more with less, while maintaining reliability, compliance, and service continuity. The path forward requires more than incremental improvements. It requires technology that supports performance, not just maintenance.

At MUWG, Interloc introduced solutions built specifically for that reality.

Introducing Informer EdgeSync for MAS: Zero Downtime Upgrades for Utilities

Utilities cannot afford system disruption. Planned downtime impacts operations, service delivery, and risk exposure.

That’s why the launch of Informer EdgeSync for MAS generated so much attention at MUWG.

EdgeSync enables real-time synchronization between Maximo environments, allowing utilities to upgrade from Maximo 7.6 to MAS without traditional cutover windows.

No weekend outages
No compressed testing timelines
No risk of data loss

Utilities teams can validate, test, and even roll out MAS in phases—while live operational data continues to sync. When ready, cutover is immediate and seamless.

Exclusive Offer: Zero Downtime Upgrades at No Cost

For utilities organizations still operating on unsupported or soon-to-be unsupported Maximo environments, Interloc is offering a path forward. Move to Interloc’s Cloud and receive a Zero Downtime Upgrade at no cost. This approach removes the financial and operational barriers that often delay modernization—while ensuring your environment is secure, scalable, and aligned for long-term performance.

Informer UX Suite – Mobility: Built for the Reality of Utility Field Work

Mobility was another major focus at MUWG—and for good reason. Utilities operate in environments where connectivity is inconsistent, assets are distributed, and field execution directly impacts service reliability.

Informer UX Suite Mobility (formerly Mobile Informer UX Suite) delivers a modern mobility experience designed specifically for Maximo and MAS environments.

With offline-first architecture, real-time synchronization, and workflows aligned to technician execution, utilities teams can:

Capture accurate data in the field—online or offline
Eliminate delays caused by manual re-entry
Improve decision-making with real-time visibility

This is mobility designed for operational reliability at scale.

No more paper. No more pens.

Why This Matters for Utilities

Utilities are under pressure to modernize—but modernization cannot come at the cost of operational disruption.

Together, Informer EdgeSync and Informer UX Suite Mobility provide a connected approach:

Continuous data flow across environments
Reliable field execution regardless of connectivity
Lower-risk, phased transition to MAS
Improved asset visibility and performance tracking

This is how utilities move from reactive maintenance to performance-driven operations—without compromising service delivery.

If you didn’t have the opportunity to see Informer EdgeSync or Informer UX Suite Mobility in action at MUWG, we’ve made it easy to get started. See how your organization can eliminate downtime, modernize faster, and support field teams more effectively.

Take the Next Step

Utilities organizations that act now will be the ones that reduce risk, improve performance, and stay ahead of increasing demand.

Whether you’re planning your MAS upgrade or looking to improve field execution, Interloc is ready to help you move forward—without disruption.

Get started today with Interloc Informer.

Informer EdgeSync for Maximo: Real-Time Synchronization with Zero Downtime Upgrades

marketing@interlocsolutions.com (Interloc Solutions) — Wed, 01 Apr 2026 12:32:19 GMT

A New Era of Maximo Environment Synchronization

Organizations running IBM Maximo and Maximo Application Suite (MAS) rely on accurate operational data across multiple environments—production, testing, reporting, and disaster recovery.

But keeping those environments synchronized has historically been complicated, costly, and operationally risky.

Many teams still depend on approaches like:

Manual database copies
ETL processes
Complex database replication tools
Scheduled downtime for upgrades or testing

These methods create unnecessary complexity. Testing environments quickly become outdated, upgrades require tightly controlled maintenance windows, and disaster recovery environments are difficult to keep current.

That challenge ends today.

Interloc Solutions is introducing Informer EdgeSync, a powerful new capability designed to simplify how Maximo environments stay synchronized.

And we’re officially unveiling it at MUWG, April 7–10.

Introducing Informer EdgeSync

Informer EdgeSync is a powerful Maximo add-on that enables real-time synchronization between Maximo environments without relying on expensive database mirroring tools or manual replication processes.

Built on Interloc’s proven Informer Server technology, EdgeSync synchronizes environments through Maximo Business Objects (MBOs)—ensuring that synchronization respects Maximo business rules while maintaining data integrity.

This approach provides a reliable and scalable replication architecture built specifically for the Maximo ecosystem.

Informer EdgeSync also supports bi-directional synchronization across multiple remote environments, even when servers are intermittently unavailable.

The result is a simpler and more reliable way to keep Maximo environments aligned across your organization.

Real-Time Synchronization Across Maximo Systems

EdgeSync continuously synchronizes operational data between Maximo environments, allowing organizations to maintain current operational data everywhere it is needed.

This includes synchronization of key operational data such as:

Assets
Work orders
Inventory
Maintenance transactions

Instead of relying on outdated copies of production data, teams can maintain fully synchronized environments in near real time.

That means testing environments, reporting environments, and recovery environments always reflect the latest operational activity.

Zero-Downtime Upgrades to Maximo Application Suite

Upgrading enterprise asset management platforms traditionally requires carefully planned downtime and tightly managed cutover events.

EdgeSync introduces a better approach.

Organizations can perform zero-downtime upgrades from Maximo 7.6 to MAS by continuously synchronizing live production data to the upgraded environment.

This allows teams to:

Test the upgraded MAS environment for as long as necessary
Roll out MAS functionality in phases
Validate system performance using live operational data

When testing is complete, organizations can instantly cut over to the MAS environment with full confidence that no data has been lost.

Test Upgrades Anytime — Not Just on Weekends

Maximo upgrades and testing cycles have long been constrained by weekend maintenance windows and overnight deployments.

Because traditional testing environments rely on static database copies, teams are forced to complete validation within narrow timeframes.

EdgeSync removes this limitation.

With continuously synchronized environments, teams can:

Perform testing during normal business hours
Extend validation cycles
Reduce pressure during upgrade events
Deploy changes with greater confidence

Testing no longer has to wait for the weekend.

Strengthening Disaster Recovery and Operational Resilience

EdgeSync also strengthens disaster recovery and business continuity strategies.

By maintaining synchronized standby environments, organizations can ensure backup systems always contain current operational data.

This enables real-time hot backup environments that improve disaster recovery readiness and support continuity of operations planning.

Built for Modern Maximo Deployments

Informer EdgeSync was designed specifically for modern Maximo environments and supports:

On-premises deployments
Cloud deployments
Hybrid architectures

It also supports clustered and high-availability configurations, because synchronization is managed at the Maximo Business Object layer rather than the database level.

This architecture provides a synchronization solution built for today’s evolving enterprise asset management platforms.

See Informer EdgeSync at MUWG

Interloc Solutions is proud to officially launch Informer EdgeSync at MUWG, April 7–10.

If you’re attending the conference, stop by to see how EdgeSync is transforming how organizations synchronize their Maximo environments.

Our team will be demonstrating how EdgeSync enables:

Real-time environment synchronization
Zero-downtime MAS upgrades
Flexible testing cycles
Stronger disaster recovery strategies

Ready to See Informer EdgeSync in Action?

Informer EdgeSync introduces a new approach to Maximo data synchronization—one designed to have zero downtime upgrades, reduce operational risk, and keep environments continuously aligned.

Whether you're planning a Maximo modernization, MAS upgrade, or infrastructure improvement, EdgeSync can help streamline the process.

Schedule Your EdgeSync Demo and Get Started with Interloc Today

Maximo Application Suite Security Bulletins March-2

Darlene Nerden — Tue, 31 Mar 2026 12:13:31 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses os/exec 1.24.3; 1.24.4, ansible-9.4.0, github.com/eclipse/paho.mqtt.golang v1.3.5 and archive/tar 1.24.2; 1.24.4 which is vulnerable to CVE-2025-47906,CVE-2025-14010,CVE-2025-10543 and CVE-2025-58183 –

https://www.ibm.com/support/pages/node/7263055?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493 –

https://www.ibm.com/support/pages/node/7263515?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547 –

https://www.ibm.com/support/pages/node/7263537?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses nix-0.26.4.crate, nix-0.29.0.crate, tokio-util-0.6.10.crate, tokio-util-0.7.13.crate which is vulnerable to CVE-2021-41248 –

https://www.ibm.com/support/pages/node/7263628?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses mssql-jdbc-12.8.1.jre11.jar dependency which is vulnerable to CVE-2025-59250 –

https://www.ibm.com/support/pages/node/7266368?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727 –

https://www.ibm.com/support/pages/node/7266367?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses urllib3 dependency which is vulnerable to CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7266407?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034 –

https://www.ibm.com/support/pages/node/7266406?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002 –

https://www.ibm.com/support/pages/node/7266659?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7266961?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2025-68146 –

https://www.ibm.com/support/pages/node/7266964?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745 –

https://www.ibm.com/support/pages/node/7266968?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library urllib3-2.6.2 which is vulnerable to CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7267281?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.3 which is vulnerable to CVE-2025-66221 –

https://www.ibm.com/support/pages/node/7267282?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181 –

https://www.ibm.com/support/pages/node/7267284?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.2.tgz which is vulnerable to CVE-2026-23950 –

https://www.ibm.com/support/pages/node/7267283?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.1 which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7267280?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to CVE-2025-14684 –

https://www.ibm.com/support/pages/node/7267481?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205 –

https://www.ibm.com/support/pages/node/7267807?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component was affected by SMTP injection due to Jakarta Mail which was vulnerable to CVE-2025-7962 –

https://www.ibm.com/support/pages/node/7267811?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860 –

https://www.ibm.com/support/pages/node/7267809?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3 which is vulnerable to CVE-2026-26007 –

https://www.ibm.com/support/pages/node/7267813?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639 –

https://www.ibm.com/support/pages/node/7267985?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146 –

https://www.ibm.com/support/pages/node/7267980?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541 –

https://www.ibm.com/support/pages/node/7267981?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

https://www.ibm.com/support/pages/node/7267982?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl which is vulnerable to CVE-2025-69277 –

https://www.ibm.com/support/pages/node/7267984?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses virtualenv-20.26.6-py3-none-any.whl which is vulnerable to CVE-2026-22702 –

https://www.ibm.com/support/pages/node/7267987?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2026-22701 –

https://www.ibm.com/support/pages/node/7267986?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses multiple jar packages which are vulnerable to CVE-2025-24970, CVE-2025-55163 –

https://www.ibm.com/support/pages/node/7267989?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pillow-12.1.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990 –

https://www.ibm.com/support/pages/node/7267988?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727 –

https://www.ibm.com/support/pages/node/7267990?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007 –

https://www.ibm.com/support/pages/node/7267992?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

https://www.ibm.com/support/pages/node/7267991?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049 –

https://www.ibm.com/support/pages/node/7268019?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by cross-site scripting and vulnerable to CVE-2025-32434 –

https://www.ibm.com/support/pages/node/7268020?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775 –

https://www.ibm.com/support/pages/node/7268024?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2_ was not set with secure flag –

https://www.ibm.com/support/pages/node/7268028?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Staying ahead of security vulnerabilities in Maximo Application Suite is critical to protecting your operations and avoiding unnecessary risk. If you’re unsure how these updates impact your environment or need support reviewing and addressing them, our team is here to help. Take a few minutes to review the latest bulletins, and if you have questions, connect with Interloc or your IBM support team to ensure your system remains secure and up to date.

Support Transition for IBM Maximo Application Suite Releases 8.7, 8.8, 8.9, 8.10 and 8.11

Scott Peluso — Wed, 25 Mar 2026 12:33:04 GMT

I wanted to take a moment to share an important update from IBM regarding the Maximo Application Suite (MAS) product lifecycle and upcoming support changes.

If you have any questions and are an Interloc client, you can open a Support case through the Interloc Support Portal. If you receive product support directly from IBM and have questions or concerns, I recommend opening a case with IBM Support.

The information below is presented exactly as communicated by IBM on March 20, 2026; the original source is available here.

Flashes (Alerts)

Abstract

Support options for IBM Maximo Application Suite releases 8.7, 8.8, 8.9, 8.10 and 8.11 will change on April 30, 2026.

Content

Effective April 30, 2026, IBM will transition IBM Maximo Application Suite (MAS) Releases 8.10 and 8.11 to IBM Extended Support. Clients are encouraged to upgrade to the latest available release of the program or obtain Extended Support to ensure continued service coverage.

Effective April 30, 2026, the support lifecycle will reach completion for IBM Maximo Application Suite (MAS) Releases 8.7, 8.8, and 8.9. Extended Support will not be offered for these releases.

For additional details, please refer to the official IBM Maximo Application Suite announcement regarding this transition, as well as the IBM Maximo Application Suite product lifecycle page for comprehensive support information.

Clients are encouraged to upgrade to the latest version or release of the program to ensure ongoing support. See our user documentation for information about Upgrading IBM Maximo Application Suite versions.

Reminder: When opening a case, select the IBM Maximo Application Suite (MAS) version and not the Application version. For example, if you are using Maximo Manage 8.7, open the case for Maximo Application Suite 8.11.

Whether you're evaluating your next move or ready to upgrade, making the right decision now can prevent downtime and risk later.

Interloc clients: Open a case through the Interloc Support Portal HERE
IBM-supported clients: Contact IBM Support directly

If you're unsure where you stand or need guidance on your upgrade strategy, the Interloc team is here to help.

Interloc Solutions at MUWG 2026

marketing@interlocsolutions.com (Interloc Solutions) — Thu, 19 Mar 2026 12:14:52 GMT

Platinum Sponsor | IBM Platinum Partner

Maximo Utility Working Group

Interloc Solutions is proud to be a Platinum Sponsor of MUWG 2026 and an IBM Platinum Partner supporting utilities across North America.

This year’s theme —
“Maximo In Motion: Energizing Smart Systems through AI, People, and Processes” — reflects the transformation utilities are navigating today: aging infrastructure, workforce evolution, AI integration, and increasing operational demands.

MUWG remains a collaborative forum where member utility organizations exchange practical experience, proven methods, and measurable strategies to drive Maximo efficiency.

Moving Beyond Maintenance — Toward Performance

Utilities can no longer rely on static enterprise systems. Maximo environments must be stable, scalable, intelligent, and aligned to long-term operational strategy.

At Interloc, we help utilities move from reactive maintenance to structured performance optimization.

Here’s how.

IBM Maximo Application Suite (MAS) Modernization

Modernization is more than upgrading versions — it’s architectural alignment.

We deliver:

Readiness assessments and environment audits
Structured migration and upgrade roadmaps
Kubernetes/OpenShift planning and deployment support
Integration validation and risk mitigation
Parallel testing strategies to protect production

Our goal is clear: Improve performance and scalability without disrupting daily operations. Stop by our booth at MUWG and learn more.

Performance Optimization & System Stabilization

Many Maximo systems function — but are not optimized.

We identify and remediate:

Database inefficiencies
Automation and workflow sprawl
Integration bottlenecks
Infrastructure misalignment

Through structured diagnostics and targeted tuning, we improve response time, reliability, and user confidence across the environment.

Cloud Hosting & Managed Services

Cloud strategy must enhance resilience — not introduce risk.

Interloc provides:

Secure enterprise-grade hosting
Proactive monitoring and performance oversight
Patch management and coordinated upgrades
Capacity planning and scaling support
Backup, disaster recovery, and business continuity

Our managed services reduce infrastructure strain while ensuring predictable, stable performance aligned to utility operations. If you have not upgraded and moved to the cloud yet Interloc offers a Zero Downtime Upgrade that will keep you on track.

Data Quality & Asset Intelligence Strategy

Maximo’s value depends entirely on data integrity.

We help utilities:

Restructure asset hierarchies
Standardize classifications and coding
Cleanse and validate production data
Align KPIs to operational and funding objectives
Establish governance frameworks for ongoing integrity

The result: stronger reporting, clearer lifecycle forecasting, and better capital planning decisions.

Clean data drives confident decisions.

Mobile Informer UX Suite: Mobility That Works in the Real World

Field operations require tools that perform reliably — especially in low-connectivity environments common to utility work.

The Mobile Informer UX Suite is built specifically to support Maximo and MAS environments with:

Offline-first architecture
Real-time synchronization logic
Configurable workflows aligned to technician execution
Secure data capture and transmission
Reduced field administrative burden

Technicians gain reliable access to work orders, inspections, and asset data — online or offline — without compromising data accuracy or system integrity.

This is mobility engineered for operational reliability.

Informer EdgeSync for MAS: Real-Time Environment Synchronization

Traditional approaches to synchronizing Maximo data across environments have relied on expensive database mirroring tools or manual “lift and shift” duplication and relocation of databases between environments, resulting in frequent repeated effort and expense.

Built on the proven Mobile Informer Server, EdgeSync is a Maximo-based replication tool that provides real-time synchronization between environments. It removes the need for costly database replication tools, manual transfers, or ETL processing from production to test or development environments.

With EdgeSync, utilities gain:

Controlled, real-time data replication
Reduced operational overhead
Lower infrastructure cost
Improved development and testing efficiency
Stronger environment consistency

It’s a smarter, more sustainable approach to Maximo environment management.

Why Meet with Interloc at MUWG?

As an IBM Platinum Partner and MUWG Platinum Sponsor, we work directly within complex utility environments to strengthen performance, stability, and long-term system resilience.

Whether you are:

Planning a MAS migration
Improving system performance
Modernizing mobility
Stabilizing cloud architecture
Strengthening asset intelligence, or
Preparing for AI enablement

We bring structured execution, deep Maximo expertise, and measurable results.

Let’s Connect

Attending MUWG 2026? Stop by the booth and get to know us. If you'd like to schedule a demo, please do so here.

Your Maximo environment should be an asset — not a bottleneck.
Let’s make sure it performs the way it was designed to.

Maximo Application Suite Security Bulletins March 2026

Darlene Nerden — Wed, 11 Mar 2026 12:43:21 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7261597?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses net/http 1.23.4,1.24.2,1.24.3,crypto/x509 1.24.2,1.24.3 which is vulnerable to CVE-2025-4673, CVE-2025-22874 –

https://www.ibm.com/support/pages/node/7261596?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7261756?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160 –

https://www.ibm.com/support/pages/node/7262077?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.53.0-py3-none-any.whl which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7262078?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl, urllib3-2.6.1-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471, CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7262081?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726 –

https://www.ibm.com/support/pages/node/7262076?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161 –

https://www.ibm.com/support/pages/node/7262083?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses urllib3-2.6.1-py3-none-any.whl which is vulnerable to CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7262082?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284 –

https://www.ibm.com/support/pages/node/7262079?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses werkzeug-3.1.1-py3-none-any.whl, werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221, CVE-2026-21860 –

https://www.ibm.com/support/pages/node/7262080?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7262087?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735 –

https://www.ibm.com/support/pages/node/7262085?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7262086?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses filelock-3.20.1-py3-none-any.whl, filelock-3.20.2-py3-none-any.whl which is vulnerable to CVE-2026-22701 –

https://www.ibm.com/support/pages/node/7262090?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM IBM Edge Data Collector uses azure_core-1.14.0-py2.py3-none-any.whl which is vulnerable to CVE-2026-21226 –

https://www.ibm.com/support/pages/node/7262093?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7262241?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221 –

https://www.ibm.com/support/pages/node/7262254?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in rhino-1.7.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66453) –

https://www.ibm.com/support/pages/node/7262258?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses PyTorch 2.6.0 which is vulnerable to CVE-2025-2998, CVE-2025-2999, CVE-2025-55552,CVE-2025-63396,CVE-2025-55551 –

https://www.ibm.com/support/pages/node/7262279?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses transformers-4.57.3-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14924, CVE-2025-14926, CVE-2025-14927, CVE-2025-14928, CVE-2025-14929 –

https://www.ibm.com/support/pages/node/7262281?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-1002) –

https://www.ibm.com/support/pages/node/7262392?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in werkzeug-3.1.4-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21860) –

https://www.ibm.com/support/pages/node/7262393?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21441) –

https://www.ibm.com/support/pages/node/7262395?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2025-67735) –

https://www.ibm.com/support/pages/node/7262394?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Maximo Application Suite Security Bulletins February 2026

Darlene Nerden — Tue, 24 Feb 2026 12:55:11 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively –

https://www.ibm.com/support/pages/node/7258352?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718 –

https://www.ibm.com/support/pages/node/7258351?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906 –

https://www.ibm.com/support/pages/node/7258418?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345 –

https://www.ibm.com/support/pages/node/7258419?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7258420?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3,fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl,lodash.clonedeep-4.5.0.tgz,js-yaml-4.1.0.tgz,mdast-util-towhich is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7258421?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861 –

https://www.ibm.com/support/pages/node/7258422?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154 –

https://www.ibm.com/support/pages/node/7258428?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945 –

https://www.ibm.com/support/pages/node/7258427?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses bootstrap-table-1.18.1.min.js, bootstrap-table-1.18.2.min.js, bootstrap-table-export-1.18.2.min.js which are vulnerable to CVE-2022-1726, CVE-2021-23472 –

https://www.ibm.com/support/pages/node/7258425?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460 –

https://www.ibm.com/support/pages/node/7258423?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945 –

https://www.ibm.com/support/pages/node/7258426?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471 –

https://www.ibm.com/support/pages/node/7258429?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566 –

https://www.ibm.com/support/pages/node/7258424?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471 –

https://www.ibm.com/support/pages/node/7258430?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by SMTP injection due to Jakarta Mail and vulnerable to CVE-2025-7962 –

https://www.ibm.com/support/pages/node/7258432?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352 –

https://www.ibm.com/support/pages/node/7259265?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816 –

https://www.ibm.com/support/pages/node/7259267?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031 –

https://www.ibm.com/support/pages/node/7259268?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756 –

https://www.ibm.com/support/pages/node/7259271?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204 –

https://www.ibm.com/support/pages/node/7259270?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259393?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259394?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite IoT component uses "urllib3-2.5.0-py3-none-any.whl" which are vulnerable to "CVE-2025-66418, CVE-2025-66471" –https://www.ibm.com/support/pages/node/7259392?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259395?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs –

https://www.ibm.com/support/pages/node/7259396?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by SMTP injection due to Jakarta Mail (CVE-2025-7962) –

https://www.ibm.com/support/pages/node/7259409?myns=swgother&mynp=OCSSWT9A&mynp=OCSSLL9G&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSG2D3&mynp=OCSS5RRF&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSLL9G-OCSSLKT6-OCSSLLAM-OCSSLL8M-OCSSG2D3-OCSS5RRF-OCSSKVFR-OCSSLL84-OCSSLL9Z-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.5.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66418) –https://www.ibm.com/support/pages/node/7259408?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in lz4-java-1.7.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-12183) –

https://www.ibm.com/support/pages/node/7259410?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in pyasn1-0.6.1.tar.gz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-23490) –

https://www.ibm.com/support/pages/node/7259411?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in lz4-java-1.8.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66566) –

https://www.ibm.com/support/pages/node/7259412?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in werkzeug-3.1.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66221) –

https://www.ibm.com/support/pages/node/7259414?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses k8s.io/kubernetes v1.33.1 which is vulnerable to CVE-2025-4563 and CVE-2025-5187 –

https://www.ibm.com/support/pages/node/7259513?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Reliability Strategies was using vulnerable library –

https://www.ibm.com/support/pages/node/7259511?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses urllib3 which is vulnerable to CVE-2025-66418 and CVE-2025-66471 –

https://www.ibm.com/support/pages/node/7259911?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273 –

https://www.ibm.com/support/pages/node/7259912?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226 -

https://www.ibm.com/support/pages/node/7260184?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Why State of Good Repair has Become a Defining Challenge for U.S. Transit

marketing@interlocsolutions.com (Interloc Solutions) — Wed, 18 Feb 2026 19:01:41 GMT

The state of America’s transit infrastructure has reached a critical moment. Aging assets, rising costs, and expanding system complexity are converging at a pace that demands immediate and coordinated action. As agencies across the country work to maintain safe, reliable service, the concept of State of Good Repair (SGR) has moved from long-term goal to urgent priority.

That urgency is at the center of the Transit State of Good Repair Conference, taking place March 4–5, 2026, at the Ronald Reagan Building and International Trade Center—an event Interloc Solutions is proud to sponsor.

The Growing State of Good Repair Backlog

The most recent analysis from the Federal Transit Administration and the Volpe National Transportation Systems Center, based on the latest available national data, estimates the U.S. transit State of Good Repair backlog at approximately $140.2 billion. This represents a significant increase from $101.4 billion in 2018, driven by aging infrastructure, inflationary pressures, expanding guideway assets, and more accurate asset inventories that have revealed the true scale of reinvestment needs. Particularly concerning are systems assets—including signals, train control, and communications—where more than 21 percent are rated in poor condition. At the same time, deterioration across heavy rail and commuter rail fleets is accelerating, placing additional strain on service reliability and operational safety.

Infrastructure Pressures Meet Organizational Complexity

Physical asset degradation is only part of the story. Many transit agencies also face internal challenges that complicate their ability to respond effectively. Gaps in data quality, limited system integration, and uneven analytics capabilities continue to hinder informed decision-making. Workforce readiness, cross-departmental coordination, and the maturity of asset management practices vary widely across organizations.

While progress has been made, many agencies are still evolving in areas such as risk-based planning, condition-based maintenance, performance management, and lifecycle costing. These capabilities are increasingly essential as transit systems grow more complex and resource constraints tighten.

Preparing for the Next Generation of Transit

Modernization efforts—including fleet electrification, expanded digital systems, and the adoption of new technologies—are reshaping transit operations. These initiatives offer long-term benefits but also raise the bar for organizational capacity. Strong asset data,
predictive tools, and enterprise-wide alignment are no longer optional; they are foundational to sustaining service and maximizing investment.

Addressing State of Good Repair today requires more than funding alone. It demands a coordinated approach that integrates infrastructure strategy, data governance, technology, and people.

Supporting the Path Forward

Interloc Solutions’ sponsorship of the Transit State of Good Repair Conference reflects our commitment to supporting transit agencies as they navigate these challenges. The conference provides a vital forum for sharing insights, advancing best practices, and strengthening collaboration across the industry.

Want the full breakdown of the strategies shared at the conference? Download Interloc's SGR presentation to see how Maximo Application Suite supports smarter asset management and State of Good Repair initiatives.

As agencies work to close the SGR gap and prepare for the future, conversations like these are essential to building resilient, reliable transit systems that serve communities for generations to come.

Stop by and connect with the Interloc team during the conference. If we don’t get the chance to meet in person, we’d be happy to schedule time to discuss your needs—just reach out using the contact information here.

Maximo Application Suite Security Bulletins-January 2026

Darlene Nerden — Tue, 20 Jan 2026 15:41:51 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182 –

https://www.ibm.com/support/pages/node/7255157?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754 –

https://www.ibm.com/support/pages/node/7255884?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889 –

https://www.ibm.com/support/pages/node/7255883?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses django-4.2.25-py3-none-any.whl which is vulnerable to CVE-2025-64458, CVE-2025-64459 –

https://www.ibm.com/support/pages/node/7255881?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses min-document-2.19.0.tgz which is vulnerable to CVE-2025-57352 –

https://www.ibm.com/support/pages/node/7255886?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889 –

https://www.ibm.com/support/pages/node/7255882?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732 –

https://www.ibm.com/support/pages/node/7255885?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data –

https://www.ibm.com/support/pages/node/7255887?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255891?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255893?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7255892?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses scikit_learn-1.3.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206 –

https://www.ibm.com/support/pages/node/7255933?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could allow a remote attacker to bypass security restrictions and vulnerable to CVE-2024-56339 –

https://www.ibm.com/support/pages/node/7255934?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses webpack-dev-server - 4.15.2 which is vulnerable to CVE-2025-30360 –

https://www.ibm.com/support/pages/node/7255942?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777 –

https://www.ibm.com/support/pages/node/7255944?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459 –

https://www.ibm.com/support/pages/node/7255945?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses runtime-7.25.9.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7255946?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339 –

https://www.ibm.com/support/pages/node/7255943?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-7962)

https://www.ibm.com/support/pages/node/7256143?myns=swgother&mynp=OCSSKVFR&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSWT9A&mynp=OCSSLKT6&mynp=OCSS5RRF&mynp=OCSSLKSJ&mynp=OCSSG2D3&mynp=OCSSLL9G&mynp=OCSSLL9Z&mync=E&cm_sp=swgother-_-OCSSKVFR-OCSSLL8M-OCSSLL84-OCSSLLAM-OCSSWT9A-OCSSLKT6-OCSS5RRF-OCSSLKSJ-OCSSG2D3-OCSSLL9G-OCSSLL9Z-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-12635) –

https://www.ibm.com/support/pages/node/7256145?myns=swgother&mynp=OCSSG2D3&mynp=OCSSLKSJ&mynp=OCSSWT9A&mynp=OCSSLL9Z&mynp=OCSSLL8M&mynp=OCSSLLAM&mynp=OCSSLL84&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLKT6&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSG2D3-OCSSLKSJ-OCSSWT9A-OCSSLL9Z-OCSSLL8M-OCSSLLAM-OCSSLL84-OCSSLL9G-OCSSKVFR-OCSSLKT6-OCSS5RRF-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2025-1550 –

https://www.ibm.com/support/pages/node/7256205?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410 –

https://www.ibm.com/support/pages/node/7256206?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916 –

https://www.ibm.com/support/pages/node/7256210?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124 –

https://www.ibm.com/support/pages/node/7256211?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47913 –

https://www.ibm.com/support/pages/node/7257347?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Beyond the Clipboard: How Paper Is Holding Maximo Back—and How to Replace It

lohab@interlocsolutions.com (Larry Ohab) — Tue, 13 Jan 2026 21:44:44 GMT

For decades, the old-fashioned clipboard with pen and paper has been the unofficial "mobile interface" for IBM Maximo. It feels reliable, a callback to procedures we’ve used most of our lives. However, relying on pen and paper is effectively a "hidden tax" on your organization’s productivity and asset health. Moving to a digital solution isn't just about going "paperless", it’s about bridging the divide between how work is performed in the field and the business data leadership relies on to make decisions.

The 5 Hidden Hazards of Paper

The "Pencil Whip" Risk: Paper forms cannot validate data in real-time or provide proof of where/how they were completed. This often leads to "pencil whipping"—the act of signing off on inspections without performing the actual work. Without digital guardrails like mandatory fields or photo evidence captured at the time of inspection, safety and compliance become a guessing game.
Data Latency & Stale Decisions: If a technician records a critical reading at 9:00 AM but doesn't enter it into Maximo until they return to the office at 4:00 PM, your reliability engineers are making decisions based on stale data. In asset-intensive industries, that 7-hour delay can be the difference between a preventative action and an emergency shutdown.
The "Wrench Time" Tax: "Wrench time" is the SMRP-standard metric for measuring actual value-added work. Industry research from McKinsey and interviews with IBM Maximo customers show that digital solutions drive a 15% to 26% increase in workforce productivity - which translates to reclaiming up to 17 minutes of “wrench time” for every single work order.
The Security and Compliance Vacuum: Unlike digital systems, paper offers zero encryption, automatic backup, or detailed audit trail. Sensitive maintenance data is vulnerable to anyone with a key to a file cabinet or a stray clipboard left out in the open. Furthermore, paper makes it nearly impossible to establish a transparent "chain of custody" for regulatory audits as you simply cannot track who accessed, edited, or copied a record once it left the printer.
The High Total Cost of Ownership (TCO) of Analog: Between the cost of printing, physical storage, and the administrative labor of manual transcription, paper-based systems often have a higher Total Cost of Ownership (TCO) than modern mobile solutions.

Common Mobile Mistakes that Impede Adoption

The Maximo ecosystem offers a wide variety of mobile solutions, each featuring different capabilities and tradeoffs. It can be tempting to simply select a tool just to "check the box" for mobility. However, merely having an app is not enough to overcome the comfort of paper. Based on over 15 years of helping customers implement Maximo mobility, we have identified the primary setbacks that prevent successful adoption:

Connectivity: Many apps require constant Wi-Fi or cellular signals to function. In the real world - where technicians work in concrete-shielded facilities or remote fields - unreliable connectivity leads to "spinning wheels" and frozen screens that slow or even halt productivity.
Interface Instability: A mobile application must provide accurate information reliably without crashing or taking a lengthy time to respond. Laggy or unresponsive user interfaces (UIs) are the fastest way to lose the trust of your field workforce.
Security Concerns: If a solution uses middleware servers or unsecured interfaces, it may not comply with stringent business security requirements, creating new vulnerabilities instead of inheriting Maximo’s protection.
The Customization Gap: Your mobile tools must match your unique business requirements. If an app cannot mirror your custom Maximo business logic or novel workflows, technicians find it a hindrance rather than an asset.

When you realize that "checking the box" is not enough to drive operational ROI, it is time to evolve.

The Evolution: What Is the Mobile Informer UX Suite?

The Mobile Informer UX Suite is the next generation of Mobile Informer, rebuilt to make field work faster, simpler, and more reliable, shaped by over a decade of experience from field users, UX designers, and Maximo experts.

The result is a platform built on the four foundational pillars of Mobile Informer:

Offline-First: Designed to function fully without connectivity without degrading the user experience, enabling uninterrupted work in remote or shielded environments. Whether it is a warehouse worker in areas where Wi-Fi does not reach, or an on-site technician in a secure location where data transmission is restricted, the UX Suite continues to operate reliably and synchronizes when connectivity is available and permitted.
Security: Inherits Maximo’s native security model, aligning with enterprise and regulatory requirements without introducing new attack surfaces. The UX Suite operates within your existing authentication and authorization frameworks, ensuring that data captured in the field is governed by the same controls, visibility, and compliance standards as data entered directly into Maximo.
Scalability: Engineered to perform efficiently across large and complex data sets using a data strategy that emphasizes “mobile relevance” to minimize device footprint while maintaining system context.
Customizability: Delivers out-of-the-box functionality that can be tailored to match even the most unique business processes and workflows.

By consolidating field activities into a single, dependable interface, the UX Suite replaces stacks of paper with a high-performance mobile experience that technicians can trust and will want to use.

Final Thoughts

Paper persists not because it is effective, but because many mobile solutions fail to adapt to the workplace. When mobility aligns usability, reliability, security, and Maximo integrity, paper is no longer required to be the user’s safety blanket.

Importantly, the Mobile Informer UX Suite is not simply a digital replacement for the clipboard. Instead, it is a strategic shift toward real-time execution, trusted data, and sustained workforce adoption, delivering real ROI and enabling your organization to return focus to the important work at hand.

Request a demo to see how the Mobile Informer UX Suite modernizes mobility across your Maximo environment.

Building Trust Through Secure Foundations

lbeaudoin@interlocsolutions.com (Lowell Beaudion) — Thu, 11 Dec 2025 16:00:46 GMT

To expand on my earlier blog, I wanted to give a look behind the scenes a bit through a series of blogs to help showcase how at Interloc, strong security isn’t just a technical requirement, it’s our promise to you, our customer.

Our promise is that the systems you rely on are built with intention, monitored with diligence, handled with care, and protected through a comprehensive framework grounded in industry leading best practices and frameworks.

Our customers entrust us with their most important digital assets, and we take that commitment seriously. Here’s an inside look at how we safeguard that very data through robust access controls, continuous security testing, disciplined change control, and a security program shaped by global standard and engrained within our people.

Let’s start off with a few of the mentioned items, today I’ll take you through access controls, and security testing/vulnerability management, next time the journey will be through change control and the overall program.

Ensuring the right access for the right people:

Access control sits at the core of our cybersecurity strategy. We design our environments to ensure that only the right individuals & systems can access or view business, sensitive, or even your information.

At Interloc, that means:

All identities, humans or otherwise are verified. This ensures that all users, shared/system accounts, and computer systems are properly identified before any access is granted. No assumptions, no shortcuts, zero trust.
Least privilege is by design and considered at the inception of the identity. We follow strict least privilege and separations of duties principles, ensuring every identity human or otherwise has only the necessary access to perform their roles and business purposes, nothing more.
Access rights are reviewed on a regular schedule, helping us maintain accurate records, reducing insider risk, and ensuring only authorized users are provided access both from our side, and even yours.

Staying ahead of threats:

Cybersecurity threats evolve constantly, which is why testing, monitoring, and auditing must be equally dynamic. At Interloc we employ a proactive approach by design to identify vulnerabilities early and respond with precision. Allowing us to ensure your data or systems hosted with Interloc are properly cared for from vulnerabilities.

Vulnerabilities, whether they are related to hardware, software, misconfigurations, accounts, or within boundary layers, we are continuously assessing systems and applications we control. Our systems are scanned weekly, which is aggressive, but when an issue is detected, it is prioritized and addressed swiftly to maintain availability, baselines, and resilience.

Annual internal and external audits are conducted to inspect our security posture to confirm alignment with our policies, procedures, and standards. When standards such as ISO and NIST are updated, we bring in external experts to validate our practices and ensure we remain steadfast and prepared for any regulatory expectations.

Lastly, we have deployed a robust suite of monitoring tools, centralized by our Security Information and Event Management (SIEM) platform to deliver real-time visibility into all activity across networks, systems, and applications. This includes but is not limited by:

Alerts on suspicious behaviors
Log collection and correlations
Anomaly detections
Forensic support in the event of an incident

This level of vigilance enables us to detect potential and real security issues early, respond quickly, and maintain transparency across our operational environment.

Security isn’t something we check off a list, it’s a culture, a commitment, and a competitive advantage. At Interloc, we’re proud to provide the governance, safeguards, and continuous oversight that allow our customers to operate confidently and securely. My next blog we will dive into the overall security program and change control. If there are other topics, you’d like me to go into please, let me know. Need more information please visit us at Interloc Solutions.

Maximo Application Suite Security Bulletins November 2025

Darlene Nerden — Tue, 25 Nov 2025 15:11:36 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics –

https://www.ibm.com/support/pages/node/7249416?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081 –

https://www.ibm.com/support/pages/node/7249638?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party libraries which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7249970?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7249972?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses crossbeam-channel-0.5.14.crate which is vulnerable to CVE-2025-4574 –

https://www.ibm.com/support/pages/node/7249977?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses ring-0.17.9.crate which is vulnerable to CVE-2025-4432 –

https://www.ibm.com/support/pages/node/7249987?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses requests-2.32.2-py3-none-any.whl which is vulnerable to CVE-2024-47081 –

https://www.ibm.com/support/pages/node/7249991?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses urllib3-1.26.19-py2.py3-none-any.whl which is vulnerable to CVE-2025-50181, CVE-2025-50182 –

https://www.ibm.com/support/pages/node/7249988?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871 –

https://www.ibm.com/support/pages/node/7250448?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58057) –

https://www.ibm.com/support/pages/node/7250662?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in reactor-netty-http-1.2.1.jar (used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-22227) –

https://www.ibm.com/support/pages/node/7250656?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload ( CVE-2025-48976) –

https://www.ibm.com/support/pages/node/7250660?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-http-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58056) –

https://www.ibm.com/support/pages/node/7250661?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-55163) –

https://www.ibm.com/support/pages/node/7250659?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service ( CVE-2025-36000) –

https://www.ibm.com/support/pages/node/7250665?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 ( CVE-2025-36047) –

https://www.ibm.com/support/pages/node/7250670?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty is affected by a security bypass in JMS messaging ( CVE-2025-36124) –

https://www.ibm.com/support/pages/node/7250671?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 and Python 3.11.11 which is vulnerable to CVEs listed in Summary –

https://www.ibm.com/support/pages/node/7251406?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Where Security Drives Every Decision

lbeaudoin@interlocsolutions.com (Lowell Beaudion) — Mon, 24 Nov 2025 14:37:09 GMT

At Interloc, security isn’t an afterthought, it’s part of our DNA. We believe that protecting our customers’ data begins at the very top, which is why our security program is driven by senior leadership and embedded into every business decision we make. This top-down approach ensures that information security isn’t just an IT initiative, it’s a strategic business imperative.

From technology to policy to people, our security framework reflects a deep commitment to safeguarding information and maintaining trust:

Security Awareness for Everyone: Every Interloc employee completes rigorous security awareness training, with monthly and annual refreshers to stay ahead of evolving threats.
Governance with Accountability: All security operations and change management decisions are formally reviewed and approved by our change control board, which includes active participation from senior management.
Industry Leading Certifications: Our Information Security Management System (ISMS) holds SOC 2 accreditation, is certified under ISO 27001 and ISO 27017, and aligns with NIST 800-171/NIST 800-53 standards demonstrating our unwavering commitment to global best practices.

At Interloc, we don’t just comply with security standards, we set a higher bar. Our customers trust us not only for our technical expertise but for our steadfast dedication to protecting what matters most: their data.

Your operations deserve a partner who treats security as a strategic priority. We invite you to read the next blog in our security series Building Trust Through Secure Foundations. Get in touch with Interloc to learn how our leadership-driven security program can strengthen your data protection strategy and support long-term resilience.
Contact us today.

IBM Maximo Application Suite On‑Prem Installation: Design Considerations

Khalid Sayyed — Mon, 03 Nov 2025 13:19:14 GMT

This article provides a pragmatic, production-focused reference for design considerations in deploying IBM Maximo Application Suite (MAS) on Red Hat OpenShift running on-prem. Since MAS has a considerable infrastructure footprint, carefully designing and clearly stating the infrastructure requirements is important to make sure infrastructure, network and security teams are on board and aligned.

Reference Architecture Overview

In this implementation example, the OpenShift cluster runs on VMware vSphere, which provides the compute hosts for control-plane and worker nodes, plus shared storage and networking. In this example we have used the “Assisted Installer” on Red Hat for on-prem but other methods can be used as well.
Two virtual IPs (VIPs) are reserved—one for the API and one for Ingress—so operators and apps can reach the cluster and routes consistently even as pods move.
Control-plane nodes handle etcd, scheduling, and core services; worker nodes run MAS workloads. Right-sizing counts (CPU/RAM/disk) follow capacity planning, may also provide storage if OpenShift Data Foundation is used.
Cluster networks: OpenShift’s service network uses 172.30.0.0/16 and the pod network uses 10.128.0.0/14.
Corporate egress/proxy: If your data center uses a re-encrypting proxy (e.g., Zscaler ZIA), import its certs early—this matters for cluster installation and image pulls. Cluster might need to reach out to Internet Container Repos being used such as quay.io, docker.io and others, depending upon the specific installation
Persistent storage: Provide a StorageClass via OpenShift Data Foundation (ODF) or an enterprise NFS.
DNS & certificates: Delegate a cluster subdomain (e.g., mas.example.org) to an ACME DNS-01 provider (Azure DNS, Cloudflare, Route 53), and forward subdomain lookups there so cert-manager can validate.
Cert-manager egress: Ensure cert-manager can reach the chosen DNS provider’s endpoints (e.g., Google/Cloudflare) for challenge validation; update operator settings if access is restricted.
IP planning: Allocate one IP per node plus the API/Ingress VIPs; align with firewall/NAT rules to permit required egress and inbound routes.
Install jumpbox: Use a bastion/jumpbox with Docker/Podman to run mascli/ansible scripts; on Windows, WSL can supply Linux userland.

Infrastructure Design and Considerations

As a starting point, use IBM Infrastructure Calculator to estimate infrastructure requirements, i.e. number of control plane and worker nodes and their sizing (CPU, RAM, Disk) - https://www.ibm.com/docs/en/masv-and-l/cd?topic=premises-requirements-capacity-planning

Provide a default StorageClass using ODF or an enterprise NFS as required by MAS components. For ODF, deploy three storage/infra nodes with SSD/NVMe and validate IOPS/latency prior to MAS installation.

In high-availability (non-SNO) deployments, distribute node VMs across distinct hypervisors/physical servers. Avoid co-locating two control-plane VMs on the same host; apply the same separation to ODF/OCS storage nodes.

With OCS/ODF, a 10 Gbps link is recommended for storage nodes. In the default three-node setup, every write is replicated to all three nodes.

Keep the application and database in the same data center (or on a sub-ms link) to prevent latency and performance issues.

Network Considerations

Default (and recommended) OpenShift’s service network is 172.30.0.0/16 and the pod network is 10.128.0.0/14; avoid overlapping these ranges with on-prem subnets to prevent conflicts. Default subnets for Pods, Services can be modified on install in case there are conflicts with customer’s subnets.

Identify internet proxy, if any, being used by the on-prem network and get certificates for any re-encrypting proxy such as Zscaler Internet Access (ZIA) that might be used, as this will be entered while generating OpenShift Discovery ISOs.

IP requirements for the on-prem network are one IP address per node, plus reserved VIPs for API and Ingress.

Using DHCP reservations for the nodes is recommended. Otherwise, as an alternative, static IPs can be used.

DNS Considerations

For ACME, delegate a subdomain for the cluster (for example, mas.example.org) to an ACME DNS‑01 provider such as Azure DNS, Cloudflare, Amazon Route 53.

Forward subdomain DNS queries to DNS-01 provider name servers for resolution.

Cert-manager needs to access Google and Cloudflare DNS to internally validate the subdomain, if either of these are not accessible from on-prem network, make sure to update accordingly in Cert-manager operator. Cert-manager must also reach your chosen DNS provider’s API endpoints.

The Ingress router isn’t limited to the default *.apps.<cluster-domain> wildcard. It will serve any Route you configure, provided the corresponding DNS records resolve to the ingress IP.

The list of ACME/DNS01 supported DNS providers is here: https://cert-manager.io/docs/configuration/acme/dns01/

There are other validation mechanisms for ACME besides DNS01 but DNS01 is the only one that supports wildcard certificates.

This example uses Automated Certificate Management with certificates issued by Let’s Encrypt. Alternatively, you can use Manual Certificate Management or Automated Certificate Management backed by an AD Certification Authority.

Jumpbox/bastion host

For installation, a Jumpbox running Docker/Podman is needed to run mascli docker container. If the Jumpbox is running Windows OS, WSL can be used for running a Linux kernel.

Conclusion

Deploying MAS on OpenShift on-prem is mostly about getting the foundations right: accurate capacity planning, a reliable storage class, clean IP/CIDR choices, DNS delegation for ACME, and predictable egress through the corporate proxy. When those pieces are aligned, the MAS install becomes repeatable and supportable.

Maximo Application Suite Security Bulletins October 2025

Darlene Nerden — Thu, 30 Oct 2025 13:13:34 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783 –

https://www.ibm.com/support/pages/node/7245963?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218 –

https://www.ibm.com/support/pages/node/7245966?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7247290?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7247288?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7247287?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182 –

https://www.ibm.com/support/pages/node/7247289?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Asset Management application (CVE-2025-48924) –

https://www.ibm.com/support/pages/node/7247321?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-48924) –

https://www.ibm.com/support/pages/node/7247320?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36099) –

https://www.ibm.com/support/pages/node/7247322?myns=swgother&mynp=OCSSLLAM&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mync=E&cm_sp=swgother-_-OCSSLLAM-OCSSG2D3-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLKT6-OCSSLL84-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server could allow a remote attacker to bypass security restrictions –

https://www.ibm.com/support/pages/node/7247344?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses Pillow is a Python imaging library format due to writing into a buffer –

https://www.ibm.com/support/pages/node/7247343?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server are vulnerable to denial of service –

https://www.ibm.com/support/pages/node/7247342?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls –

https://www.ibm.com/support/pages/node/7247345?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions (CVE-2024-56339) –

https://www.ibm.com/support/pages/node/7247521?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-32873 –

https://www.ibm.com/support/pages/node/7247542?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-48432 –

https://www.ibm.com/support/pages/node/7247541?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935 –

https://www.ibm.com/support/pages/node/7249073?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Improper Resource Shutdown or Release vulnerability to the made you reset the attack –

https://www.ibm.com/support/pages/node/7249352?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability –

https://www.ibm.com/support/pages/node/7249353?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc –

https://www.ibm.com/support/pages/node/7249355?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538 –

https://www.ibm.com/support/pages/node/7249369?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting –

https://www.ibm.com/support/pages/node/7249382?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability –

https://www.ibm.com/support/pages/node/7249385?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability –

https://www.ibm.com/support/pages/node/7249381?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service –

https://www.ibm.com/support/pages/node/7249384?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration –

https://www.ibm.com/support/pages/node/7249383?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Detecting Air Leaks in Metro Rail Pneumatic Systems with IBM Maximo Monitor Derived Metrics

Khalid Sayyed — Tue, 28 Oct 2025 12:55:26 GMT

As urban transit systems expand and become more complex, ensuring the health and efficiency of mission-critical assets is vital to operational continuity. One such asset — the air compressor — plays a critical role in metro rail environments, supporting pneumatic braking systems, HVAC, and automated doors. A seemingly minor issue like an air leak in the pneumatic systems can cause compressors to run excessively, consuming more power, increasing maintenance needs, and leading to avoidable service interruptions.

In this blog, we continue our exploration of IBM Maximo Monitor, focusing on how you can use it to track compressor runtime and detect potential leaks in real time using derived metrics.

Understanding the Use Case: Air Leaks in Transit Infrastructure

In a metro rail system, air compressors are expected to run intermittently. However, if there's a leak in the pneumatic circuit, the compressor compensates by running longer or continuously — a tell-tale sign of inefficiency.

Manually identifying such issues is labor-intensive and often reactive. Our goal is to detect anomalies in compressor runtime early, using amperage data from existing sensors and Maximo Monitor’s real-time analytics.

A Quick Recap: What is IBM Maximo Monitor?

IBM Maximo Monitor offers a powerful, scalable solution for visualizing real-time IoT data, detecting anomalies, and driving data-informed decisions. Purpose-built for operational environments, it brings together streaming telemetry and advanced analytics to deliver:

Real-time IOT metrics dashboards
Intelligent alerting and rule-based thresholds
Integration with Maximo Manage, Health and Predict
AI models for anomaly detection
Derived metrics that turn raw signals into operational insights

The Power of Derived Metrics

One of the most transformative features in Monitor is the ability to define derived metrics. These metrics are calculated in real time from incoming data streams — enabling you to interpret asset behavior, detect states, and quantify operational performance.

For example, if a sensor reports current (amperage), a derived metric can tell you:

When the equipment is running
For how long it has been running
How often it transitions between running and stopped states

Understanding Compressor Leaks in Railway Systems

How do leaks occur? Common root causes include:

Wear and tear on pneumatic lines (vibration, abrasion, cracks)
Loose or degraded fittings and connectors
Aging valves and seals that lose integrity
Internal corrosion from moisture in the system
Operator or maintenance errors (e.g., over-torqued fittings)

When leaks occur, the compressor compensates by running longer to maintain system pressure, leading to excessive energy use, premature wear, and potential service disruptions.

Building the Compressor Runtime Use Case

Step 1: Stream Current (amperage) Data to Monitor

Example payload:
{
"timestamp": "2024-07-24T01:00:00Z",
"compressor_id": "COMP-101",
"current": 9.2
}

Step 2: Use PrepareTimeInState to Track States (Running vs Stopped)

Function used: If current reading is greater than 1, compressor is running:

Step 3: Aggregate with AggregateTimeInState

Function used: Calculate how much the compressor was running each hour.

Step 4: Visualize Runtime Trends

Normal runtime: ~25–30 min/hour. Spikes or drops may indicate anomalies.

Step 5: Configure Smart Alerts

Final Thoughts

With just amperage data and a few derived metrics, Maximo Monitor unlocks a new level of visibility, efficiency, and confidence for operations teams. Transit agencies can detect leaks before they escalate, optimize maintenance workflows, and reduce system downtime.

Reeves Thurman Earns PfMP® Certification | Interloc Solutions

Scott Peluso — Wed, 22 Oct 2025 14:13:04 GMT

We are proud to announce that Reeves Thurman has officially earned the Portfolio Management Professional (PfMP®) certification, the highest-level credential awarded by the Project Management Institute (PMI).

The PfMP® is a globally recognized mark of excellence for senior leaders who manage and align portfolios of projects and programs with organizational strategy. With fewer than 2,100 certified professionals worldwide, Reeves’ achievement places him among the most elite experts in project and portfolio management.

Why This Matters for Our Clients

Reeves’ PfMP® certification is more than a personal milestone—it’s a direct benefit to our clients. Here’s how:

Strategic Alignment: Clients can trust that every initiative we pursue is aligned with long-term business goals, ensuring maximum value for every dollar invested.
Smarter Decision-Making: With expertise in portfolio governance, Reeves helps organizations prioritize the right projects—not just manage projects well. This leads to higher ROI and reduced risk.
Performance Optimization: Clients benefit from advanced practices that improve project success rates, resource utilization, and portfolio performance.
Future-Focused Growth: PfMP®-certified leaders are trusted across industries like IT, finance, healthcare, and government to make high-stakes decisions that shape organizational futures. Our clients gain access to that same level of foresight and leadership.

What This Means for You

For our clients, Reeves’ PfMP® designation ensures that when you work with us, you’re supported by leadership that is globally recognized for strategic excellence, value delivery, and portfolio optimization.

This certification strengthens our ability to help you:

Accelerate growth by aligning your projects with strategy.
Maximize returns on your investments.
Confidently pursue initiatives that create measurable impact.

Celebrating Excellence, Delivering Value

Reeves’ achievement demonstrates not only his personal dedication but also our company’s ongoing commitment to delivering the highest level of strategic portfolio management for our clients.

Please join us in congratulating Reeves Thurman on this remarkable accomplishment—and know that as our clients, the benefits of this certification are yours to share.

From the Navy to the PMO: A Journey of Innovation, Execution, and Leadership

Just before transitioning out of the military, I completed my MBA with a specialization in Innovation & Entrepreneurship — a fitting capstone to a career that had already spanned roles as an Enlisted Marine, Submariner, and Surface Warfare Officer. My final military assignment was as a Chief Engineer, a role that deeply shaped my perspective on systems, operations, and leadership.

At the close of that chapter, I joined Interloc Solutions to support the development of a prototype for the U.S. Navy — integrating Maximo and Mobile Informer to unify maintenance-related programs across the fleet. It was a critical initiative, and one that aligned perfectly with my engineering background and passion for operational excellence.

After successfully delivering the Navy MRO prototype, I stayed on as a Project Manager. Over the years, I’ve had the privilege of growing with the company — first as Director of Federal Delivery, and now as Director of the Project Management Office (PMO). Each role has brought new challenges and opportunities to lead teams, drive transformation, and deliver value across a wide range of industries.

Working at Interloc has been incredibly rewarding. I take pride in helping clients streamline their business processes and enhance their use of Maximo and Mobile Informer — not just for smoother day-to-day operations, but for stronger bottom-line results. It’s a pleasure to collaborate with such talented, creative professionals who bring their best to every engagement.

What Drives Me

Outside of work, I focus on my family and strength training, both of which keep me grounded and energized. I’ve long treated management as a craft, one that I continue to study and refine. When asked recently about my passion, the answer was clear: Execution.

Execution is the discipline of getting things done. Of building and evolving systems, both personal and professional, that create clarity, flow, and efficiency. And in the end, efficiency is profitability.

Ready to see what disciplined execution can do for your organization? Connect with Interloc Solutions to learn how our team delivers clarity, flow, and measurable outcomes.

MAS deployment series: Preparing & Executing Automated DB2 Backups–2/2

Julio Perera — Tue, 23 Sep 2025 15:13:22 GMT

Abstract: We are continuing our series of Blog Entries to cover some MAS deployment scenarios either left out or not appropriately covered on the IBM Ansible scripts. We are going to also discuss considerations and tips and hints around these deployments. This time we are configuring automated DB2 backups against a pre-existing Storage Class and discussing limitations and considerations as well.

Due to the length of the procedure and considerations being discussed, we are splitting this blog post into two parts. This is Part 2 of 2.

References:

The related IBM documentation for the Ansible Role to backup and restore the Suite Configurations (not the same as the DB2 database) can be found at the URL https://github.com/ibm-mas/ansible-devops/tree/master/ibm/mas_devops/roles/suite_backup_restore.

The related IBM documentation for the Ansible Role to backup and restore Applications Configurations (such as Manage) (not the same as the Manage Database) can be found at the URL https://github.com/ibm-mas/ansible-devops/tree/master/ibm/mas_devops/roles/suite_app_backup_restore.

Content:

This is the continuation of the previous Blog Post named “MAS deployment series: Preparing and executing automated DB2 backups – Part 1 of 2” and we are going to resume our procedure to execute periodic DB2 backups with the actual configurations that will be submitted to the OpenShift Cluster.

Please see the previous blog post for important considerations and an introduction to the problem and general approach.

While the configurations discussed previously rely on several settings, we are going to define environment variables for most of them so they can be configured appropriately and flexibly enough for future executions, some of these are:

DB2_BACKUPS_STORAGE_CLASS_NAME=<storage-class-name>

Will be the Storage Class Name to use to create the Persistent Volume Claims and Persistent Volumes as the Backup Destination. It needs to exist beforehand in the Cluster and ideally support Dynamic Provisioning and the “ReadWriteMany” Access Mode.

DB2_BACKUPS_STORAGE_CLASS_ACCESS_MODE=<access-mode>

As stated above, it should be “ReadWriteMany” (as supported by the Storage Class)

DB2_NAMESPACE=<db2-namespace>

The Namespace (or Project) where the target DB2 database is installed.

DB2_DB_NAME=<db2-database-name>

The Database Name for the DB2 instance where to execute backups against.

DB2_CLUSTER_NAME=<db2-database-name>

The DB2U Cluster Name for the DB2 instance where to execute backups against. This can be obtained by executing a command like the following:

export DB2_CLUSTER_NAME=$(oc get db2ucluster -n ${DB2_NAMESPACE} -o=jsonpath='{range .items[*]}{@.spec.environment.database.name} {@.metadata.name}{"\n"}{end}' | grep ${DB2_DB_NAME} | awk '{print $2}')

Which should directly assign the value to the variable as intended. Notice that it depends on having the DB2_NAMESPACE and DB2_DB_NAME configured first as a pre-requisite.

DB2_BACKUPS_SCHEDULE=<backup-schedule>

Specifies when the backups (via OpenShift Cron Job) are run. The format of this field is intended for the OpenShift Cron Job Specification "schedule", which uses the standard Linux Cron "crontab" specification (see https://en.wikipedia.org/wiki/Cron). A god value for daily backups could be “15 3 * * *” which means every day at 3:15 am.

DB2_BACKUPS_FOLDER_PATH="/mnt/backup"

The backup destination for the backups generated by the DB2 utility. This is basically where the “backup” target of /spec/storage is going to be specified for the “db2ucluster” Custom Resource. More details on this later. This value is NOT intended to be configurable.

DB2_BACKUPS_PARAM_NUM_DB_BACKUPS=<db2-number-of-backups>

This parameter is used to configure the underlying DB2 database NUM_DB_BACKUPS database configuration value. Which specifies the number of backups to retain for a database before marking the oldest backup as deleted.

DB2_BACKUPS_PARAM_REC_HIS_RETENTN=<db2-number-of-backups>

DB2_ARCHIVE_LOGS_FOLDER_PATH=" /mnt/logs/archive"

The backup destination for the backups generated by the DB2 utility. This is basically where the “archivelogs” target of /spec/storage is going to be specified for the “db2ucluster” Custom Resource. More details on this later. This value is NOT intended to be configurable.

DB2_ARCHIVE_LOGS_RETENTION_PERIOD=<backups-retention-period>

The Backups Retention Period. The default value is "+10" (10 days). The value is meant to be passed to a "find" command line that deletes older Backup Files by using this value after the "mtime" parameter. See the "find" man page or documentation for possible values and meaning.

DB2_BACKUPS_BACKUP_STORAGE_REQUEST_SIZE_GB=<backup-storage-size>

The Persistent Volume Claim size to request when creating the Storage to attach for the Backups destination. Expressed in Units that a PVC Size can take (Ti, Gi, Mi, Ki, etc.) The value can be higher or lower depending on target database size, retention policy and backup frequency. In our case, we are using a formula to calculate:

DB2_BACKUPS_BACKUP_STORAGE_REQUEST_SIZE_GB = DB2_CURRENT_SIZE_GB * FACTOR

Where FACTOR as discussed in the previous Part 1 of 2 of this Blog is usually “*20”. Therefore, we are using to estimate 20 times the current DB2 database size.

The current DB2 database size (DB2_CURRENT_SIZE_GB) can be obtained by using “db2 -x select db_size/1073741824 as DB2_CURRENT_SIZE_GB from systools.stmg_dbsize_info” using the DB2 command line utility from the DB2 Pod while connected to the correct database. For this number to be as accurate as possible, it is also recommended to run “db2 \"call get_dbsize_info(?,?,?,0)\"” first.

DB2_BACKUPS_ARCHIVE_LOGS_STORAGE_REQUEST_SIZE_GB=<archive-logs-storage-size>

The Persistent Volume Claim size to request when creating the Storage to attach for the Archive Logs destination. Expressed in Units that a PVC Size can take (Ti, Gi, Mi, Ki, etc.) The value can be higher or lower depending on target database size, retention policy and backup frequency. In our case, we are using a formula to calculate:

DB2_BACKUPS_ARCHIVE_LOGS_STORAGE_REQUEST_SIZE_GB = DB2_CURRENT_SIZE_GB * FACTOR

Where FACTOR as discussed in the previous Part 1 of 2 of this Blog is usually “/2”. Therefore, we are using to estimate as half the current DB2 database size.

The current DB2 database size (DB2_CURRENT_SIZE_GB) can be obtained as described in the above paragraph related to the previous size for backups.

DB2_BACKUPS_SUCCESSFUL_JOB_HISTORY_LIMIT=<number>

The number of successful OpenShift Cron Jobs Pods to leave on the history so they can be seen and their logs also visualized. The default number we typically use is "3".

DB2_BACKUPS_FAILED_JOB_HISTORY_LIMIT=<number>

The number of failed OpenShift Cron Jobs Pods to leave on the history so they can be seen and their logs also visualized. Normally if an execution fails for any reason, it gets retried right away so there should be a good execution afterwards in case of temporary failures. Considering that, the default number we like to use is "1". However, in case of permanent failures (misconfigurations, lack of space, expired certs, etc.) then the Cron Job waits an increasing amount of time between successive executions.

Note: What follows to configure the DB2 database will restart the DB2 Pods and shut down the database after reconfiguration so please consider an outage for the configurations that follow.

Once armed with all the sizes and variables, we can proceed to prepare the DB2 database for backups, to do so, the first step is to ensure there is a section of the “DB2UCluster” custom resource that we need to edit or add to ensure the Backup and Archive Logs destinations are correctly configured and mounted in the DB2 Pods.

Those are like what is being shown in the example below:

storage:

- name: backup

spec:

accessModes:

- ReadWriteMany

resources:

requests:

storage: 300Gi

storageClassName: backups-nfs-storage

type: create

- name: archivelogs

spec:

accessModes:

- ReadWriteMany

resources:

requests:

storage: 150Gi

storageClassName: backups-nfs-storage

type: create

Again, above is just an example, where the Sizes and Storage Class Name are meant to be replaced.

To create them if they do not exist, we can use the following commands:

For the Main Backups Destination:

oc patch db2ucluster ${DB2_CLUSTER_NAME} -n ${DB2_NAMESPACE} --type 'json' -p '[{\"op\": \"add\", \"path\": \"/spec/storage/-\", \"value\": {\"name\": \"backup\", \"spec\": {\"accessModes\": [\"${DB2_BACKUPS_STORAGE_CLASS_ACCESS_MODE}\"], \"resources\": {\"requests\": {\"storage\": \"${DB2_BACKUPS_BACKUP_STORAGE_REQUEST_SIZE_GB}Gi\"}},\"storageClassName\": \"${DB2_BACKUPS_STORAGE_CLASS_NAME}\"},\"type\": \"create\"} }]'

and for the Archive Logs:

oc patch db2ucluster ${DB2_CLUSTER_NAME} -n ${DB2_NAMESPACE} --type 'json' -p '[{\"op\": \"add\", \"path\": \"/spec/storage/-\", \"value\": {\"name\": \"archivelogs\", \"spec\": {\"accessModes\": [\"${DB2_BACKUPS_STORAGE_CLASS_ACCESS_MODE}\"], \"resources\": {\"requests\": {\"storage\": \"${DB2_BACKUPS_ARCHIVE_LOGS_STORAGE_REQUEST_SIZE_GB}Gi\"}},\"storageClassName\": \"${DB2_BACKUPS_STORAGE_CLASS_NAME}\"},\"type\": \"create\"} }]'

Both commands depend on variables that should have been defined with values as per above.

Once submitted the DB2U Operator should modify the database Pods accordingly and will mount

Next, we are going to configure the database itself and to do so we can execute the following commands:

db2 update database configuration for ${DB2_DB_NAME} using NUM_DB_BACKUPS ${DB2_BACKUPS_PARAM_NUM_DB_BACKUPS}

db2 update database configuration for ${DB2_DB_NAME} using REC_HIS_RETENTN ${DB2_BACKUPS_PARAM_REC_HIS_RETENTN}

db2 update database configuration for ${DB2_DB_NAME} using AUTO_DEL_REC_OBJ ${DB2_BACKUPS_PARAM_AUTO_DEL_REC_OBJ}

db2 update database configuration for ${DB2_DB_NAME} using LOGARCHMETH1 DISK:${DB2_ARCHIVE_LOGS_FOLDER_PATH}

Notice these should be executed in the DB2 Pod using the “db2inst1” user and the proper environment variables should be used for them as well. We could also use “oc” to execute directly but for that we need to resolve the DB2_POD_NAME which is typically in the form of “c-${DB2_CLUSTER_NAME}-db2u-0”

An example of the command using the DB2_POD_NAME follows:

oc exec ${DB2_POD_NAME} -n ${DB2_NAMESPACE} -c db2u --request-timeout=15m -- su - db2inst1 -c 'db2 update database configuration for ${DB2_DB_NAME} using NUM_DB_BACKUPS ${DB2_BACKUPS_PARAM_NUM_DB_BACKUPS}'

That would be for the first of the four above commands. The other three should be similar.

After that we should restart the database to take the new settings and copy the Archive Logs from the default location to the new in the Backups Storage Class, using:

oc exec ${DB2_POD_NAME} -n ${DB2_NAMESPACE} -c db2u --request-timeout=15m -- su - db2inst1 -c 'db2stop force && cp -rufv /mnt/bludata0/db2/archive_log/* ${DB2_ARCHIVE_LOGS_FOLDER_PATH}/'

It is recommended to manually review the above copy and delete the files that were copied over from the original Archive Logs source folder at “/mnt/bludata0/db2/archive_log/”.

Finally, we are ready to start defining the Backup Cron Job and to do so, we create the following Service Account, Cluster Role and Cluster Role Binding to give privileges enough to the Backup Cron Job and related Pods:

apiVersion: v1

kind: ServiceAccount

metadata:

namespace: ${DB2_NAMESPACE}

kind: ClusterRole

apiVersion: rbac.authorization.k8s.io/v1

metadata:

namespace: ${DB2_NAMESPACE}

rules:

- apiGroups: [""]

resources: ["pods", "pods/log"]

verbs: ["get", "list"]

- apiGroups: [""]

resources: ["pods/exec"]

verbs: ["get", "create"]

- apiGroups: ["db2u.databases.ibm.com"]

resources: ["*"]

verbs: ["list", "get", "watch", "update", "patch"]

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

subjects:

- kind: ServiceAccount

namespace: ${DB2_NAMESPACE}

roleRef:

kind: ClusterRole

apiGroup: rbac.authorization.k8s.io

Next, copy and paste the following file into the filesystem for the workstation:

apiVersion: batch/v1

kind: CronJob

metadata:

namespace: ${DB2_NAMESPACE}

spec:

schedule: "${DB2_BACKUPS_SCHEDULE}"

concurrencyPolicy: Forbid

startingDeadlineSeconds: 200

suspend: false

successfulJobsHistoryLimit: ${DB2_BACKUPS_SUCCESSFUL_JOB_HISTORY_LIMIT}

failedJobsHistoryLimit: ${DB2_BACKUPS_FAILED_JOB_HISTORY_LIMIT}

jobTemplate:

spec:

template:

metadata:

namespace: ${DB2_NAMESPACE}

labels:

type: "db2-backup"

dbname: "${DB2_DB_NAME}"

spec:

serviceAccountName: db2-backups-service-account

containers:

- name: db2-backup

image: registry.redhat.io/openshift4/ose-cli:latest

imagePullPolicy: IfNotPresent

command: ["/bin/bash", "-c" ,"oc exec c-$(oc get db2ucluster -o=jsonpath='{range .items[*]}{@.spec.environment.database.name} {@.metadata.name}{\"\\n\"}{end}' | grep ${DB2_DB_NAME} | awk '{print $2}')-db2u-0 -c db2u --request-timeout='15m' -- su - db2inst1 -c 'db2 -v \"backup database ${DB2_DB_NAME} on all dbpartitionnums online to ${DB2_BACKUPS_FOLDER_PATH} include logs without prompting\" && mkdir -p ${DB2_ARCHIVE_LOGS_FOLDER_PATH}/db2inst1/${DB2_DB_NAME} && /usr/bin/find ${DB2_ARCHIVE_LOGS_FOLDER_PATH}/db2inst1/${DB2_DB_NAME} -name *.LOG -type f -mtime ${DB2_ARCHIVE_LOGS_RETENTION_PERIOD} -print -exec rm -f {} \\;'"]

env:

- name: DB2_DB_NAME

value: ${DB2_DB_NAME}

- name: DB2_BACKUPS_FOLDER_PATH

value: "${DB2_BACKUPS_FOLDER_PATH}"

- name: POD_EXECUTION_TIMEOUT

value: "${POD_EXECUTION_TIMEOUT}"

- name: DB2_ARCHIVE_LOGS_FOLDER_PATH

value: "${DB2_ARCHIVE_LOGS_FOLDER_PATH}"

- name: DB2_ARCHIVE_LOGS_RETENTION_PERIOD

value: "${DB2_ARCHIVE_LOGS_RETENTION_PERIOD}"

restartPolicy: Never

Once saved, run the following command to substitute the environment variables on the file with their values and generate another file with the substituted values instead of the references:

envsubst < file-name-with-envvars.yaml > file-name-substituted.yaml

Where the file-name-with-envvars.yaml is the file that was saved from above and the file-name-substituted.yaml is the generated file with the environment variables substituted.

Note: Any environment variable ending with “@E” are meant to take effect while executing and will not be substituted by “envsubst” when generating the substituted file.

Review the file-name-substituted.yaml file for correctness then submit to the cluster using:

oc apply -f file-name-substituted.yaml

Finally, we are going to try to explain what the very long “command” contents of the OpenShift Cron Job mean step by step (remember they are separated by “&&”):

Finds the actual name of the DB2 Pod and inside:
Executes the backup using “backup database ${DB2_DB_NAME} on all dbpartitionnums online to ${DB2_BACKUPS_FOLDER_PATH} include logs without prompting”.
Creates the Archive Logs folder if it does not exist so the next command does not fail due to folder not existing.
Searches Archive Logs folder for files older than the specified DB2_ARCHIVE_LOGS_RETENTION_PERIOD value and deletes them.

Note: The “env” section with the environment variables values are just for guiding/reference purposes and have no effect on the actual execution of the command.

Maximo Application Suite Security Bulletins-September 2025

Darlene Nerden — Tue, 23 Sep 2025 13:20:57 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Location Service for ESRI Component uses requests-2.32.3, urllib3-2.4.0 and flask-3.1.0 libraries which are vulnerable to CVE-2024-47081, CVE-2025-50181, CVE-2025-50182 and CVE-2025-47278 –

https://www.ibm.com/support/pages/node/7243553?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099 –

https://www.ibm.com/support/pages/node/7243685?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-72.1.0-py3-none-any.whl CVE-2025-47273 –

https://www.ibm.com/support/pages/node/7243684?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tornado-6.4.2-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2025-47287 –

https://www.ibm.com/support/pages/node/7243691?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818) –

https://www.ibm.com/support/pages/node/7244112?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: There is a vulnerability in dojo-1.17.3.js used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273) –

https://www.ibm.com/support/pages/node/7244107?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976) –

https://www.ibm.com/support/pages/node/7244113?myns=swgother&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSSLL9G&mynp=OCSSLL9Z&mynp=OCSSLKT6&mynp=OCSSLKSJ&mynp=OCSSLLAM&mynp=OCSS5RRF&mynp=OCSSKVFR&mync=E&cm_sp=swgother-_-OCSSLL84-OCSSG2D3-OCSSLL8M-OCSSWT9A-OCSSLL9G-OCSSLL9Z-OCSSLKT6-OCSSLKSJ-OCSSLLAM-OCSS5RRF-OCSSKVFR-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management ( CVE-2025-33142) –

https://www.ibm.com/support/pages/node/7244110?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSSLKT6&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSKVFR-OCSSG2D3-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSSLKT6-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.4.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-50181,CVE-2025-50182) –

https://www.ibm.com/support/pages/node/7244111?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097) –

https://www.ibm.com/support/pages/node/7244109?myns=swgother&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSWT9A&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSS5RRF&mynp=OCSSLKSJ&mynp=OCSSLL8M&mynp=OCSSLL9Z&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSKVFR-OCSSWT9A-OCSSLL84-OCSSG2D3-OCSSLKT6-OCSSLLAM-OCSS5RRF-OCSSLKSJ-OCSSLL8M-OCSSLL9Z-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387 –

https://www.ibm.com/support/pages/node/7244252?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817 –

https://www.ibm.com/support/pages/node/7244985?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493 –

https://www.ibm.com/support/pages/node/7245066?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924 –

https://www.ibm.com/support/pages/node/7245824?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak –

https://www.ibm.com/support/pages/node/7245823?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses AIOHTTP asynchronous Python parser which is vulnerable to CVE-2025-53643 –

https://www.ibm.com/support/pages/node/7245821?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864 –

https://www.ibm.com/support/pages/node/7245825?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287 –

https://www.ibm.com/support/pages/node/7245827?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Starlette framework which is vulnerable to CVE-2025-54121 –

https://www.ibm.com/support/pages/node/7245826?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library –

https://www.ibm.com/support/pages/node/7245837?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses pyjwt v2.10.1 library which is vulnerable to CVE-2025-45768 –

https://www.ibm.com/support/pages/node/7245838?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Have questions or want more information:

Preparing & Executing Automated DB2 Backups when Running on RedHat OpenShift

Julio Perera — Wed, 03 Sep 2025 15:44:26 GMT

Due to the length of the procedure and considerations being discussed, we are splitting this blog post into two parts. This is Part 1 of 2.

References:

DB2 estimates for Storage Calculations can be found at https://www.ibm.com/docs/en/db2-for-zos/12?topic=data-general-approach-estimating-storage and https://studylib.net/doc/7013177/storage-system-volume-sizing-requirements. Capacity considerations can be found at https://www.ibm.com/docs/en/db2/11.5?topic=views-get-dbsize-info-database-size-capacity.

Content:

We wanted to periodically back up a DB2 database running inside OpenShift using the DB2 Operator that can be installed as part of the IBM Ansible install or using manual or our own Interloc scripting (not publicly available).

up files on the main DB2 Pod filesystem should not be a proper/good solution from a backup perspective.

As a result, there should be a DB2 Operator installed which manages a Db2u Cluster as seen in the below screenshot:

While there may be more than one DB2 instance (depending on deployment options and how many MAS Manage or Monitor/Predict, etc. instances are associated/connected to each DB2 instance), the general case being that we want to periodically and automatically backup one instance identified by its Project/Namespace in OpenShift. DB2 Warehouse instances as required by Monitor/IoT/Predict, etc. are considered as well.

The main consideration being that we need a Backup Storage Class that can be used to store the backups, typically we recommend a Storage Class that is outside of the OpenShift Cluster in terms of actual storage, such as a Cloud Provisioned Storage (such as NFS based) or a separate Storage Server (NAS, SAN, etc.) for on-premises. Also, for Cloud Storage, the recommendation is to have the actual Storage outside of the same Data Center and if possible, even in a different Region that hosts the OpenShift Cluster. Naming such Storage Class as the Backup Storage Class for the purposes of this Blog.

We are going to discuss important Backup Storage Class considerations and architectural design on a future blog post. But just wanted to mention that in a previous Blog Entry with URL: MAS Deployment Series: Configuring S3 Object Storage as an OpenShift Storage Class, we discussed the creation of a Storage Class suited for backups that can be configured in IBM Cloud as a “Global” S3/COS and therefore is not tied to specific geography constraints.

Also, the Storage Class should support Dynamic Provisioning (i.e. automatically creating Persistent Volumes or PVs from Persistent Volume Claims or PVCs).

We are also going to automatically execute the Backups using an OpenShift Cron Job that periodically executes the backup using the “db2” command line utility which is being passed a command to back up the database on a specific Target Path (see below).

The main dependencies and moving parts of the backup process are:

A Service Account and Cluster Role + Cluster Role Binding for authorizing the backups privileges required on the target MongoDB CE Project/Namespace.
The PVC contains the actual backup files. If the Storage Class supports dynamic provisioning as requested, then the PV will be dynamically created and depending on the strategy for the Storage Class a subfolder or other element will be created for the PV.
To have the backup path defined on the DB2 Pods, on the main “db2ucluster” Custom Resource for the Cluster; we are defining the standard “spec/storage” YAML node with name=”backup” as the target for the backup file. If not defined, we will define it. This will cause the DB2U Cluster to mount and restart the DB2 Pods with a PVC on the chosen Storage Class pointing to the associated Mount Point (“/mnt/backup” by default).
We are also putting the DB2 Archive Logs into a PVC using the same Backup Storage Class discussed above. And therefore, on the main “db2ucluster” Custom Resource for the Cluster; we are defining the standard “spec/storage” YAML node with name=”archivelogs” as the target for the backup file. If not defined, we will define it. This will cause the DB2U Cluster to mount and restart the DB2 Pods with a PVC on the chosen Storage Class pointing to the associated Mount Point (“/mnt/logs/archive” by default).
We are going to estimate the amount of disk space required for all the backups considering the desired Retention Policy.
We are going to configure some DB2 Parameters to associate to the Mount Points as per above and to make periodic backups possible and define retention policies.
The Backup Pod where the “oc” commands are being executed which is part of the OpenShift Cron Job
All that sequence of commands is executed by the Backup Pod via Shell Chaining using the “&&” “logical AND” sequential operator where for a command to be executed, the previous one must have returned a zero-value return code (and have been therefore executed successfully).

Input: Database Size (uncompressed backup): represented as N

Output: System / Metadata: 10 + N / 5

Output: User / Data: N * 2

Output: Active / Transaction Logs: N / 5

Output: Temporary: N / 3

Output: Backup: N * 20

Output: Archive Logs: N / 2

Those are used typically when configuring the different Storage parameters when creating the DB2 database instance. Some of them could be modified after the database has been created and deployed. In our case, for backup purposes we are only interested on the “Backup” size and the “Archive Logs” size. Which are calculated as N*20 and N/2 respectively. The formulas consider a daily backup schedule and retention policy of 1 month (including Archive Logs). If these assumptions change, the formulas should be modified accordingly.

We are also assuming a minimum size for the Backups destination of 300GB and for the Archive Logs of 150GB which should be reasonable. The minimum is used in case the calculation above yields number less than the minimum.

We also use other parameters that we reconfigure the database with, those are:

The DB2 parameter NUM_DB_BACKUPS: Specifies the number of backups to retain for a database before marking the oldest backup as deleted. We use “30” as the default value. Which with daily frequency means 30 days of backups.

The DB2 parameter REC_HIS_RETENTN: Specifies the number of days that historical information on backups is retained. We use “30” as the default value. Which with daily frequency means 30 days of backups. This parameter is combined with the above NUM_DB_BACKUPS and the most stringent is kept (so if more than one backup is taken daily, even for non-scheduled backups, more than “30” backups may be present on storage as all backups inside the specified time window will be retained).

The DB2 parameter AUTO_DEL_REC_OBJ: Specifies whether database log files, backup images, and load copy images should be deleted when their associated recovery history file entry is pruned. The default value we use is “ON” which works in conjunction with the previous two parameters.

The DB2 parameter LOGARCHMETH1: Specifies the Disk folder where the Archive Logs should be stored. The value is dependent on the Mount Point for the DB2 Archive Logs PVC as per above. Our default value is “DISK:/mnt/logs/archive”.

Now that we have discussed the considerations and numbers we use to configure the automatic backups, we will close this post and explain the step by step procedure of creating the PVCs/Mount Points, configuring DB2 instances and programming the backups themselves in our Part 2 which should come out soon.

Thanks for reading!

Maximo Application Suite Security Bulletins

Darlene Nerden — Thu, 28 Aug 2025 13:37:33 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965 –

https://www.ibm.com/support/pages/node/7240390?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups –

https://www.ibm.com/support/pages/node/7240972?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses urllib3 is a user-friendly HTTP client library for Python will remain the vulnerable –

https://www.ibm.com/support/pages/node/7240973?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104) –

https://www.ibm.com/support/pages/node/7241196?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSWT9A&mynp=OCSSG2D3&mynp=OCSS5RRF&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL9G&mynp=OCSSLKSJ&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSKVFR&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSWT9A-OCSSG2D3-OCSS5RRF-OCSSLKT6-OCSSLLAM-OCSSLL9G-OCSSLKSJ-OCSSLL8M-OCSSLL84-OCSSKVFR-_-E

Security bulletin: Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025- Includes Oracle Apr 2025 CPU –

https://www.ibm.com/support/pages/node/7241195?myns=swgother&mynp=OCSSLL9G&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSSLLAM&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSKVFR&mynp=OCSSLKSJ&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSLL8M-OCSSWT9A-OCSSLLAM-OCSSG2D3-OCSSLKT6-OCSSKVFR-OCSSLKSJ-OCSSLL84-OCSSLL9Z-OCSS5RRF-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097) –

https://www.ibm.com/support/pages/node/7241194?myns=swgother&mynp=OCSSWT9A&mynp=OCSSLKSJ&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL9Z&mynp=OCSSLKT6&mynp=OCSSLL8M&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSLKSJ-OCSSLL9G-OCSSKVFR-OCSSLL84-OCSSG2D3-OCSSLLAM-OCSSLL9Z-OCSSLKT6-OCSSLL8M-OCSS5RRF-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038) –

https://www.ibm.com/support/pages/node/7241223?myns=swgother&mynp=OCSSKVFR&mynp=OCSSLL8M&mynp=OCSSLL84&mynp=OCSSLKSJ&mynp=OCSSWT9A&mynp=OCSSLL9Z&mynp=OCSSLLAM&mynp=OCSS5RRF&mynp=OCSSLKT6&mynp=OCSSLL9G&mynp=OCSSG2D3&mync=E&cm_sp=swgother-_-OCSSKVFR-OCSSLL8M-OCSSLL84-OCSSLKSJ-OCSSWT9A-OCSSLL9Z-OCSSLLAM-OCSS5RRF-OCSSLKT6-OCSSLL9G-OCSSG2D3-_-E

Security bulletin: Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184) –

https://www.ibm.com/support/pages/node/7241290?myns=swgother&mynp=OCSSLL9G&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSWT9A&mynp=OCSSLKSJ&mynp=OCSSLKT6&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSLL9Z-OCSSKVFR-OCSSLL84-OCSSLLAM-OCSSWT9A-OCSSLKSJ-OCSSLKT6-OCSSG2D3-OCSSLL8M-OCSS5RRF-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6 –

https://www.ibm.com/support/pages/node/7241299?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-25193) –

https://www.ibm.com/support/pages/node/7241389?myns=swgother&mynp=OCSSWT9A&mynp=OCSSLKSJ&mynp=OCSSLKT6&mynp=OCSSG2D3&mynp=OCSSLL8M&mynp=OCSSLL9G&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSS5RRF&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSLKSJ-OCSSLKT6-OCSSG2D3-OCSSLL8M-OCSSLL9G-OCSSLL9Z-OCSSKVFR-OCSSLL84-OCSSLLAM-OCSS5RRF-_-E

Security bulletin: Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817) –

https://www.ibm.com/support/pages/node/7241390?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871" –

https://www.ibm.com/support/pages/node/7241394?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

20 Years of Innovation: A Message from Our Founder, Mike Watson

Scott Peluso — Mon, 04 Aug 2025 17:07:24 GMT

In 2005, I founded Interloc Solutions with a simple vision: combine deep Maximo expertise, innovative solutions, and a relentless focus on client success. The IBM Maximo ecosystem was growing rapidly, and organizations across industries were looking for better ways to manage their most valuable assets.

We didn’t set out to be the biggest-we set out to be the best. And twenty years later, I’m proud to say that vision holds true.

Built on Expertise, Driven by Purpose

From the very beginning, we’ve been grounded in three core values:

Technical excellence in Maximo implementations and support
Customer-driven innovation
A deep investment in our people

Those values have allowed us to work with some of the most complex and mission-critical organizations-from public utilities and defense to transportation and government. We’ve helped them modernize systems, streamline operations, and achieve measurable outcomes.

Mobile Before Mobile Was Mainstream

Early in our journey, we recognized a coming shift: mobility. That foresight led to the development of Mobile Informer, our purpose-built, secure mobile platform for Maximo. It transformed how teams accessed data in the field, bringing work orders, inspections, and asset info to technicians—anytime, anywhere.

Mobile Informer is still leading the way, empowering field teams to work smarter, safer, and faster.

The Cloud Era and Our Evolving Services

As enterprise needs evolved, so did we. The shift toward cloud-based infrastructure became undeniable, and we invested early to meet the moment. Today, our Maximo cloud hosting and managed services help clients focus on results while we handle the tech-24/7.

Whether a client is moving off-prem, launching new in the cloud, or needs a fully managed solution, we tailor every deployment to fit their operational needs and security requirements.

What Makes Interloc Different? Our People.

Yes, we have great products. Yes, we know Maximo inside and out. But the real secret to our success? Our team.

Our consultants are more than technical experts-they’re problem solvers, strategic advisors, and trusted partners. Most importantly, they care. They care about doing things the right way, about understanding our clients’ pain points, and about delivering real solutions-not just checklists.

That’s why we’ve earned the trust of some of the world’s most demanding environments.

Looking Ahead: Built for What’s Next

As we move into our third decade, we remain focused on the future of asset management: AI-driven predictive maintenance, IoT and GIS integration, advanced analytics, and much more.

But we’re not just chasing trends. Our roadmap is shaped by where our clients need to go-not where the market happens to be.

A Heartfelt Thank You

To every client, partner, and team member—thank you. Your collaboration and trust are the foundation of everything we’ve built. Interloc’s journey has never been about following others. It’s been about solving real problems with bold, thoughtful innovation.

That’s how we started. And that’s how we’ll move forward—together.

Here’s to the next 20 years.

—Mike Watson
President & CEO, Interloc Solutions

MAS Deployment Series: Preparing and Executing Automated MongoDB Backups

Julio Perera — Mon, 28 Jul 2025 00:26:16 GMT

Abstract: We are continuing our series of Blog Entries to cover some MAS deployment scenarios either left out or not appropriately covered on the IBM Ansible scripts. We are going to also discuss considerations and tips and hints around these deployments. This time we are configuring automated MongoDB backups against a pre-existing Storage Class and discuss limitations and considerations as well.

References:

The related IBM documentation for the Ansible Role to backup and restore the Suite Configurations (not the same as the MongoDB database) can be found at the URL https://github.com/ibm-mas/ansible-devops/tree/master/ibm/mas_devops/roles/suite_backup_restore.

Content:

We wanted to periodically backup a MongoDB database running inside OpenShift using the default MongoDB Community Edition that can be installed as part of the IBM Ansible install or using manual or our own Interloc scripting (not publicly available).

While there may be more than one MongoDB CE (depending on deployment options and how many MAS Core instances are associated/connected to each MongoDB CE instance), the general case being that we want to periodically and automatically backup one instance identified by its Project/Namespace in OpenShift.

Also, the Storage Class should support Dynamic Provisioning (i.e. automatically creating Persistent Volumes or PVs from Persistent Volume Claims or PVCs).

We are also going to automatically execute the Backups using an OpenShift Cron Job that periodically executes the backup using the “mongodump” utility which basically Dumps ALL the databases present in the local MongoDB database. Documentation for the “mongodump” utility can be found at https://www.mongodb.com/docs/database-tools/mongodump/.

The main dependencies and moving parts of the backup process are:

A Service Account and Cluster Role + Cluster Role Binding for authorizing the backups privileges required on the target MongoDB CE Project/Namespace.
The PVC contains the actual backup files. If the Storage Class supports dynamic provisioning as requested, then the PV will be dynamically created and depending on the strategy for the Storage Class a subfolder or other element will be created for the PV.
We always try to execute the backup on the Primary Replica (and therefore a command to find it is also executed).
Given that the MongoDB Pods are created by the Operator, and that we have no easy way to point the Backup Storage Class to a PVC that can be mounted directly on the Pod, then the actual Backup Pod issues commands to create the backup file on a temporary folder to the MongoDB Pod then to copies it to the PVC/PV Mounted Folder The Backup Pod where the “oc” Commands are being executed which is part of the OpenShift Cron Job execution.
All that sequence of commands is executed by the Backup Pod via Shell Chaining using the “&&” “logical AND” sequential operator where for a command to be executed, the previous one must have returned a zero-value return code (and have been therefore executed successfully).

While the above configurations rely on several settings, we are going to define environment variables for most of them so they can be configured appropriately and flexibly enough for future executions, these are:

MONGODB_BACKUPS_STORAGE_CLASS_NAME=<storage-class-name>

MONGODB_BACKUPS_STORAGE_CLASS_ACCESS_MODE=<access-mode>

As stated above, ideally “ReadWriteMany” (as supported by the Storage Class) although “ReadWriteOnce” should be usable as well. But if re-using the same Storage Class to backup other targets such as DB2 databases, then the “ReadWriteMany” Access Mode becomes more important.

MONGODB_NAMESPACE=<mongodb-namespace>

The Namespace (or Project) where the target MongoDB CE is installed.

MONGODB_ADMIN_PASSWORD=<password>

The password for the “admin” user for the target MongoDB instance. The assumption is that we are using the MongoDB CE included by default running in OpenShift and in that instance only the “admin” user is configured. Other users can be configured as well which is outside of the scope of this Blog entry.

MONGODB_BACKUPS_SCHEDULE=<backup-schedule>

MONGODB_BACKUPS_RETENTION_PERIOD=<backups-retention-period>

MONGODB_BACKUPS_STORAGE_PVC_NAME=<pvc-name>

The PVC name to use to mount in the MongoDB Pods to execute the backups. A good default name could be "mongodb-ce-backups-pvc".

MONGODB_BACKUPS_FOLDER_PATH=<filesystem-path>

The Mount Point used by the OpenShift Cron Job to store the backup files (and also associated to the PVC). This value is largely artificial and here for completeness only, a good default could be "/mnt/backup".

MONGODB_BACKUPS_POD_TEMPORARY_FOLDER_PATH=<filesystem-path>

The temporary path in the actual MongoDB Pod where the backup file is going to be created and copied from, then later removed. This needs to be in a writable file system for the Pod and therefore, modifying it from the default value of "/tmp/backup" is not recommended. This is largely because we cannot mount the Backup PVC directly on the MongoDB Pods.

MONGODB_BACKUPS_BACKUP_STORAGE_REQUEST_SIZE=<backup-storage-size>

The Persistent Volume Claim size to request when creating the Storage to attach for the Backups destination. Expressed in Units that a PVC Size can take (Ti, Gi, Mi, Ki, etc.) The value can be higher or lower depending on target database size, retention policy and backup frequency; but generally, considering MongoDB dumps are in the small-ish side of things there is no need to make it overly large. The default value is "50Gi" which should be enough for most cases with space to spare.

MONGODB_BACKUPS_SUCCESSFUL_JOB_HISTORY_LIMIT=<number>

The number of successful OpenShift Cron Jobs Pods to leave on the history so they can be seen and their logs also visualized. The default number we typically use is "3".

MONGODB_BACKUPS_FAILED_JOB_HISTORY_LIMIT=<number>

Once defined the above environment variables, we create the following Service Account, Cluster Role and Cluster Role Binding to give privileges enough to the Backup Cron Job and Pods:

apiVersion: v1

kind: ServiceAccount

metadata:

namespace: ${MONGODB_NAMESPACE}

kind: ClusterRole

apiVersion: rbac.authorization.k8s.io/v1

metadata:

namespace: ${MONGODB_NAMESPACE}

rules:

- apiGroups: [""]

resources: ["pods", "pods/log"]

verbs: ["get", "list"]

- apiGroups: [""]

resources: ["pods/exec"]

verbs: ["get", "create"]

- apiGroups: ["mongodbcommunity.mongodb.com"]

resources: ["*"]

verbs: ["list", "get", "watch", "update", "patch"]

- apiGroups: ["mongodb.com"]

resources: ["*"]

verbs: ["list", "get", "watch", "update", "patch"]

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

subjects:

- kind: ServiceAccount

namespace: ${MONGODB_NAMESPACE}

roleRef:

kind: ClusterRole

apiGroup: rbac.authorization.k8s.io

Next, we submit the PVC for creation:

kind: PersistentVolumeClaim

apiVersion: v1

metadata:

namespace: ${MONGODB_NAMESPACE}

spec:

accessModes:

- ${MONGODB_BACKUPS_STORAGE_CLASS_ACCESS_MODE}

resources:

requests:

storage: ${MONGODB_BACKUPS_BACKUP_STORAGE_REQUEST_SIZE}

storageClassName: ${MONGODB_BACKUPS_STORAGE_CLASS_NAME}

volumeMode: Filesystem

Once submitted, wait for the “Status.Phase” for the PVC to return “Bound” to continue.

Run the following shell commands to extract configuration settings we will need and set them into environment variables as well:

export MONGODB_CE_DB_NAME=$(oc get mongodbcommunity --ignore-not-found -o=jsonpath='{.items[0].metadata.name}')

export MONGODB_CE_DB_NAME_LOWER="${MONGODB_CE_DB_NAME,,}"

export MONGODB_ADMIN_PASSWORD=$(oc extract secret/${MONGODB_CE_DB_NAME}-admin-password --keys=password --to=-)

export MONGODB_CA_PATH=$(oc exec -it ${MONGODB_CE_DB_NAME}-0 -c mongod -- bash -c "cat /data/automation-mongod.conf" | grep CAFile | cut -d ":" -f 2 | xargs | tr -d '\r')

mongo_url_multi=$(oc get MongoDBCommunity -n ${MONGODB_NAMESPACE} -o=jsonpath="{.items[0].status.mongoUri}" | awk -F:// '{print $2}')

mongo_url_splitted=(${mongo_url_multi//,/ })

export MONGODB_URL_0="${mongo_url_splitted[0]}"

export MONGODB_URL_0_PORT=$(echo ${mongo_url_splitted[0]} | awk -F'[:/]' '{print $2}')

read MONGODB_CE_PRIMARY_HOSTNAME < <(oc exec -qt ${MONGODB_CE_DB_NAME}-0 -n ${MONGODB_NAMESPACE} -c mongod -- bash -c "mongosh 'mongodb://admin:${MONGODB_ADMIN_PASSWORD}@${MONGODB_URL_0}' --tls --tlsCAFile '${MONGODB_CA_PATH}' --quiet --eval 'rs.status().members.find(r=>r.state===1).name'")

export MONGODB_CE_PRIMARY_PORT=$(echo ${MONGODB_CE_PRIMARY_HOSTNAME} | cut -d ":" -f 2 | xargs)

export MONGODB_CE_PRIMARY_HOSTNAME=$(echo ${MONGODB_CE_PRIMARY_HOSTNAME} | cut -d ":" -f 1 | xargs)

export MONGODB_CE_PRIMARY_POD=$(echo ${MONGODB_CE_PRIMARY_HOSTNAME} | cut -d "." -f 1 | xargs)

Note: Watch the contents of these environment variables as none should be empty afterwards. If any is empty, there was an issue that needs to be corrected. The command “echo $<envvar-name>” can be used to check.

Note: The value of MONGODB_CE_PRIMARY_POD must conform to the concatenation of ${MONGODB_CE_DB_NAME} followed by dash then a number typically from zero to nine. Example: “mas-mongodb-ce-0”.

Next, copy and paste the following file into the filesystem for the workstation:

apiVersion: batch/v1

kind: CronJob

metadata:

namespace: ${MONGODB_NAMESPACE}

spec:

schedule: "${MONGODB_BACKUPS_SCHEDULE}"

concurrencyPolicy: Forbid

startingDeadlineSeconds: 200

suspend: false

successfulJobsHistoryLimit: ${MONGODB_BACKUPS_SUCCESSFUL_JOB_HISTORY_LIMIT}

failedJobsHistoryLimit: ${MONGODB_BACKUPS_FAILED_JOB_HISTORY_LIMIT}

jobTemplate:

spec:

template:

metadata:

namespace: ${MONGODB_NAMESPACE}

labels:

type: "mongodb-ce-backup"

dbname: "${MONGODB_CE_DB_NAME}"

spec:

serviceAccountName: mongodb-ce-backups-service-account

containers:

- name: mongodb-ce-backup

image: registry.redhat.io/openshift4/ose-cli:latest

imagePullPolicy: IfNotPresent

command: ["/bin/bash", "-c" ,"read MONGODB_CE_PRIMARY_HOSTNAME < <(oc exec -q ${MONGODB_CE_DB_NAME}-0 -n ${MONGODB_NAMESPACE} -c mongod -- bash -c \"mongosh 'mongodb://admin:${MONGODB_ADMIN_PASSWORD}@${MONGODB_URL_0}' --tls --tlsCAFile '${MONGODB_CA_PATH}' --quiet --eval 'rs.status().members.find(r=>r.state===1).name'\") && export MONGODB_CE_PRIMARY_PORT=$(echo \"${MONGODB_CE_PRIMARY_HOSTNAME@E}\" | cut -d \":\" -f 2) && export MONGODB_CE_PRIMARY_HOSTNAME=$(echo \"${MONGODB_CE_PRIMARY_HOSTNAME@E}\" | cut -d \":\" -f 1) && export MONGODB_CE_PRIMARY_POD=$(echo \"${MONGODB_CE_PRIMARY_HOSTNAME@E}\" | cut -d \".\" -f 1) && export TIMESTAMP=$(date +\"%Y%m%d%H%M%S\") && export BACKUP_FILENAME=\"${TIMESTAMP@E}-${MONGODB_CE_DB_NAME}.archive.gz\" && export BACKUP_PATH_FILENAME=\"${MONGODB_BACKUPS_POD_TEMPORARY_FOLDER_PATH}/${BACKUP_FILENAME@E}\" && echo \"MONGODB_CE_PRIMARY_HOSTNAME: ${MONGODB_CE_PRIMARY_HOSTNAME@E}\" && echo \"MONGODB_CE_PRIMARY_PORT: ${MONGODB_CE_PRIMARY_PORT@E}\" && echo \"MONGODB_CE_PRIMARY_POD: ${MONGODB_CE_PRIMARY_POD@E}\" && echo \"TIMESTAMP: ${TIMESTAMP@E}\" && echo \"BACKUP_FILENAME: ${BACKUP_FILENAME@E}\" && echo \"BACKUP_PATH_FILENAME: ${BACKUP_PATH_FILENAME@E}\" && oc exec ${MONGODB_CE_PRIMARY_POD@E} -c mongod -n \"${MONGODB_NAMESPACE}\" -- bash -c \"mkdir -p '${MONGODB_BACKUPS_POD_TEMPORARY_FOLDER_PATH}' && rm -f '${MONGODB_BACKUPS_POD_TEMPORARY_FOLDER_PATH}/'* && mongodump --host=${MONGODB_CE_PRIMARY_HOSTNAME@E} --port=${MONGODB_CE_PRIMARY_PORT@E} --username=admin --password=${MONGODB_ADMIN_PASSWORD} --authenticationDatabase=admin --ssl --sslCAFile=${MONGODB_CA_PATH} --gzip --archive=${BACKUP_PATH_FILENAME@E}\" && oc cp -n \"${MONGODB_NAMESPACE}\" -c mongod ${MONGODB_CE_PRIMARY_POD@E}:${BACKUP_PATH_FILENAME@E} ${MONGODB_BACKUPS_FOLDER_PATH}/${BACKUP_FILENAME@E} && oc exec ${MONGODB_CE_PRIMARY_POD@E} -c mongod -n \"${MONGODB_NAMESPACE}\" -- bash -c \"rm -f '${BACKUP_PATH_FILENAME@E}'\" && /usr/bin/find '${MONGODB_BACKUPS_FOLDER_PATH}' -name *.archive.gz -type f -mtime ${MONGODB_BACKUPS_RETENTION_PERIOD} -print -exec rm -f {} \\;"]

volumeMounts:

- mountPath: "${MONGODB_BACKUPS_FOLDER_PATH}"

env:

- name: MONGODB_NAMESPACE

value: "${MONGODB_NAMESPACE}"

- name: MONGODB_CE_DB_NAME

value: "${MONGODB_CE_DB_NAME}"

- name: MONGODB_ADMIN_PASSWORD

value: "${MONGODB_ADMIN_PASSWORD}"

- name: MONGODB_BACKUPS_FOLDER_PATH

value: "${MONGODB_BACKUPS_FOLDER_PATH}"

- name: POD_EXECUTION_TIMEOUT

value: "${MONGODB_BACKUPS_SCHEDULE}"

- name: MONGODB_BACKUPS_STORAGE_PVC_NAME

value: "${MONGODB_BACKUPS_STORAGE_PVC_NAME}"

- name: MONGODB_BACKUPS_RETENTION_PERIOD

value: "${MONGODB_BACKUPS_RETENTION_PERIOD}"

- name: MONGODB_BACKUPS_SUCCESSFUL_JOB_HISTORY_LIMIT

value: "${MONGODB_BACKUPS_SUCCESSFUL_JOB_HISTORY_LIMIT}"

- name: MONGODB_BACKUPS_FAILED_JOB_HISTORY_LIMIT

value: "${MONGODB_BACKUPS_FAILED_JOB_HISTORY_LIMIT}"

restartPolicy: Never

volumes:

- name: "${MONGODB_BACKUPS_STORAGE_PVC_NAME}"

persistentVolumeClaim:

claimName: "${MONGODB_BACKUPS_STORAGE_PVC_NAME}"

Once saved, run the following command to substitute the environment variables on the file with their values and generate another file with the substituted values instead of the references:

envsubst < file-name-with-envvars.yaml > file-name-substituted.yaml

Where the file-name-with-envvars.yaml is the file that was saved from above and the file-name-substituted.yaml is the generated file with the environment variables substituted.

Note: Any environment variable ending with “@E” are meant to take effect while executing and will not be substituted by “envsubst” when generating the substituted file.

Review the file-name-substituted.yaml file for correctness then submit to the cluster using:

oc apply -f file-name-substituted.yaml

Finally, we are going to try to explain what the very long “command” contents of the OpenShift Cron Job mean step by step (remember they are separated by “&&”):

Derives the MONGODB_CE_PRIMARY_HOSTNAME by extracting from a mongosh execution inside the first MongoDB CE Pod.
Derives MONGODB_CE_PRIMARY_PORT by parsing the previously extracted MONGODB_CE_PRIMARY_HOSTNAME.
Derives MONGODB_CE_PRIMARY_HOSTNAME by parsing the previously extracted MONGODB_CE_PRIMARY_HOSTNAME.
Derives MONGODB_CE_PRIMARY_POD by parsing the previously extracted MONGODB_CE_PRIMARY_HOSTNAME.
Derives TIMESTAMP as current full date and time to use for generated file names.
Derives BACKUP_FILENAME using the previous timestamp and other values.
Derives BACKUP_PATH_FILENAME using the previous BACKUP_FILENAME and path.
Print values to output to help understanding the results of the above derivation on the Pod output
Creates (if not exist) the temporary destination folder inside the MongoDB Primary Pod as specified by MONGODB_BACKUPS_POD_TEMPORARY_FOLDER_PATH
Deletes any pre-existing files on the destination temporary folder
Calls “mongodump” to dump all the databases to the file on the temporary destination folder (gzipped)
Using “oc cp”; copies the generated dump file from the temporary destination folder on the MongoDB Pod to the folder specified by the MONGODB_BACKUPS_FOLDER_PATH variable on the local Pod (the Cron Job Pod which has the PVC mounted in the intended path).
Deletes the generated dump file from the temporary destination folder on the MongoDB Pod
Searches MongoDB Backup files (names ending on “.archive.gz”) on the Backup Path (PVC) that are older than the specified MONGODB_BACKUPS_RETENTION_PERIOD value and deletes them.

Note: The “env” section with the environment variables values are just for guiding/reference purposes and have no effect on the actual execution of the command.

Maximo Application Suite Security Bulletins July 2025-2

Darlene Nerden — Thu, 24 Jul 2025 08:57:03 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565 –

https://www.ibm.com/support/pages/node/7238991?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods. –

https://www.ibm.com/support/pages/node/7239049?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application is vulnerable to a reflected file download (RFD) attack.

https://www.ibm.com/support/pages/node/7239249?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. –

https://www.ibm.com/support/pages/node/7239248?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to runtime-7.24.8.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7239480?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038) –

https://www.ibm.com/support/pages/node/7240133?myns=swgother&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLKT6&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSG2D3-OCSSLLAM-OCSSLKT6-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLL9Z-OCSSKVFR-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-56339) –

https://www.ibm.com/support/pages/node/7240134?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSKVFR-OCSSG2D3-OCSSLKT6-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097) –

https://www.ibm.com/support/pages/node/7240135?myns=swgother&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSWT9A&mync=E&cm_sp=swgother-_-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-OCSSLLAM-OCSSLL8M-OCSSG2D3-OCSSLKT6-OCSSWT9A-_-E

If you have questions about how these vulnerabilities may impact your current Maximo Application Suite environment—or need support addressing them—please reach out to our team at info@interlocsolutions.com.

We're here to help you stay secure, compliant, and confident in your Maximo deployment.

Interloc Security Series: Microsoft Announces Security Vulnerabilities in SharePoint

Scott Peluso — Wed, 23 Jul 2025 12:30:10 GMT

Common Vulnerabilities and Exposures: CVE-2025-53771, CVE-2025-53770

On June 19, 2025, Microsoft delivered their customer guidance for SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771. Microsoft has indicated the CVEs in question, only affect on-premises implementations of SharePoint. Interloc’s Information Security team is aware of this vulnerability and its potential impact on us and the customers we collaborate with via SharePoint.

To our valued clients, please note that all Interloc corporate Microsoft Office 365 products are hosted in Microsoft’s secure Government Community Cloud High (GCCH). GCCH is a secure instance of Office 365, separate from Microsoft’s commercial and standard GCC environments.

Given the CVEs only impact on-premises SharePoint systems, your data with Interloc is safe and secure from these vulnerabilities. Interloc is deeply committed to protecting your data and ensuring it remains secure against emerging threats and vulnerabilities.

MAS Deployment Series: Configuring S3 Object Storage as an OpenShift Storage Class

Julio Perera — Tue, 08 Jul 2025 12:24:31 GMT

Abstract: We are continuing our series of Blog Entries to cover some MAS deployment scenarios either left out or not appropriately covered on the IBM Ansible scripts. We are going to also discuss considerations and tips and hints around these deployments. This time we are configuring and creating a Storage Class for the RedHat OpenShift Cluster so it can be used in some scenarios.

References:

The related IBM documentation to configure S3 for DOCLINKS and other uses inside Manage can be found under https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=storage-configuring-s3.

The Storage CSI driver that we are using in this Blog post is located and being maintained at https://github.com/yandex-cloud/k8s-csi-s3.

Content:

We wanted to have an S3 (Cloud Object Storage) based filesystem Provider on RedHat OpenShift so we could use it as a target for Persistent Volume Claims (PVCs) and Persistent Volumes (PVs) which in turn could be used for functionalities such as Backups, DOCLINKS, Integration Files, etc. and be reused as appropriate.

The main benefits, drawbacks and considerations that we could see for the approach are:

Resiliency and High Availability: For Backups, and specifically for IBM Cloud, it will allow us to have a “Global” S3/COS defined that is automatically replicated along multiple geographies and therefore should be available even in the instance of a whole datacenter getting damaged or destroyed in case of acts of God or events such as war.
Usability: For the above and other uses, it simulates a filesystem-based approach as it provides a “ReadWriteMany” Storage Class that can be used to create and “mount” PVCs. Therefore, it provides an “agnostic” interface to workloads (the filesystem).
Performance: Given that the actual back end is HTTP(s) based, advanced file operations will not be supported, and the type of usage should be carefully considered to operations such as writing a whole file at a time instead of doing multiple random accesses and writes to an existing file. Performance will not be good, and latency and bandwidth will be more limited than using Local Storage or Local Network Storage (such as NFS).
Simplified administration: It will allow reusing the same S3/COS bucket instead of creating buckets for every single purpose on a Manage installation or for other uses such as backups. It could also create new buckets for each PVC dynamically instead of subfolders for a pre-existing bucket.
Working around existing limitations: For DOCLINKS, current Manage implementation lacks flexibility as, at the time of writing, it puts all files inside the root of the S3/COS bucket and there is no support for subfolders even when using the “Manage Folders” functionality in Maximo.
Cost: Typically, S3 buckets charge based on actual space consumed and additionally sometimes by the volume of data transferred. In contrast, File Share approaches are usually charged based on the provisioned space. Therefore, it is usually cheaper to use an S3 bucket for the same amount of space.
Source: The Container Storage Interface (CSI) driver for S3 implementation is a GitHub project from the URL https://github.com/yandex-cloud/k8s-csi-s3 which means we will be installing code that was writing by external developers and OpenSource dependencies. This may require additional disclosure when using this driver for Federal or other customers requiring enhanced security disclosures.
Downtime: There is a requirement for GeeseFS (the default implementation of the above driver) that needs to add a SELinux configuration to the Worker Nodes and therefore, a MachineConfig will be submitted to the Cluster to patch the Worker Nodes during startup. Which will cause the Machine Config Pool to render a new configuration and apply it to the Worker Nodes which in turn will cause a restart of the Worker Nodes. Therefore, applying during a maintenance window is recommended.

Before we start implementing the S3 CSI driver and connecting it to the S3/COS we need to gather a few configurations which are standard to S3/COS implementations, these are in the following Environment Variables:

BACKUPS_S3_ENDPOINT="<endpoint-url>"

Required. The S3 Endpoint URL. This should be provided by the S3 endpoint normally using either the 'http' or 'https' protocols. Plus, a hostname or IP address plus maybe some context afterwards. There is typically no default value for this setting which must be always provided unless the BACKUPS_S3_AMAZON_REGION is set in which case this environment variable becomes derived from the value set for the Amazon Region.

BACKUPS_S3_AMAZON_REGION="<amazon-region>"

Optional. The Amazon Region Name to use when connecting to an Amazon AWS S3 Endpoint. Typically values such as 'eu-central-1' are used. If not specified, it is assumed we are not connecting to an Amazon AWS S3 Endpoint and therefore, BACKUPS_S3_ENDPOINT becomes mandatory. Otherwise, the BACKUPS_S3_ENDPOINT is overridden by using the following convention "https://s3.<amazon-region-name>.amazonaws.com".

BACKUPS_S3_ACCESS_KEY_ID=<s3-access-key-id>

Required. The required S3 Access Key ID. This should be provided by the S3 endpoint normally using a long string of characters like a login ID. There is no default value for this setting which must be always provided.

BACKUPS_S3_SECRET_ACCESS_KEY=<s3-secret-access-key>

Required. The required S3 Secret Access Key. This should be provided by the S3 endpoint normally using a long string of characters like a password. There is no default value for this setting which must be always provided.

BACKUPS_S3_STORAGE_CLASS_NAME=<storage-class-name>

The Storage Class Name to point to the above Endpoint, Access Key ID and Secret Access Key properties. Also see BACKUPS_S3_BUCKET_NAME immediately below. For this example, we are using our default value which is 'backups-csi-s3'.

BACKUPS_S3_BUCKET_NAME=<pre-existing-S3-bucket-name>

The pre-existing S3 bucket name to reuse, which will attempt to create a subfolder for each PVC/PV that gets created using the Storage Class as defined in the BACKUPS_S3_STORAGE_CLASS_NAME variable above. There is NO default value for this and setting it or not affects behavior significantly. We recommend setting the variable up and therefore provisioning a pre-existing bucket beforehand instead of allowing buckets to be created dynamically for each PVC. Notice that dynamic creation of buckets per each PVC requires the Credentials/Security Principal above as per BACKUPS_S3_ACCESS_KEY_ID and BACKUPS_S3_SECRET_ACCESS_KEY to have privilege to create new buckets.

BACKUPS_S3_ALLOW_INSECURE_CONNECTIONS=<true-or-false>

Whether to allow insecure (i.e. Self-Signed Certificates) when using "https" as the protocol stated on BACKUPS_S3_ENDPOINT. The default value is 'true' (so it allows Self-Signed Certificates by default).

We also have other variables to specify additional settings such as Target Namespace for the Provisioner, Provisioner version to use, Secret Names for the credentials, Image URLs for the Driver Provisioner, Registrar and CSI, plus Memory Limits and Number of Replicas for the Provisioner. However, for the purpose of this blog, we are going to hardcode them in our YAMLs. Notice that some of the YAMLs below are tested and should work for the specific versions we have hardcoded (v0.42.1 at the time of writing), and they are NOT guaranteed to work without modifications for future versions.

Notice that all environment variable reference in YAMLs below need to be substituted by actual values as per above before submitting (these are always in the ${envvar_name} format). Also, any values in YAML contents below in italics or bold are meant to be reviewed and adapted to the specific circumstances of the deployment or target environment.

Once we have all the environment variables above defined with appropriate values, we need to create the Project/Namespace. To do so, we submitted the following YAML:

kind: Project
apiVersion: project.openshift.io/v1
metadata:
name: csi-s3-storage
annotations:
openshift.io/display-name: CSI Driver for S3 Storage backends

Next, we are going to create the Provisioner itself and dependencies, to do so, we submitted the following YAML (sourced with additional modifications from https://github.com/yandex-cloud/k8s-csi-s3/raw/master/deploy/kubernetes/provisioner.yaml):

apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-s3-provisioner-sa
namespace: csi-s3-storage
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-s3-external-provisioner-runner
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-s3-provisioner-role
subjects:
- kind: ServiceAccount
name: csi-s3-provisioner-sa
namespace: csi-s3-storage
roleRef:
kind: ClusterRole
name: csi-s3-external-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Service
apiVersion: v1
metadata:
name: csi-s3-provisioner
namespace: csi-s3-storage
labels:
app: csi-s3-provisioner
spec:
selector:
app: csi-s3-provisioner
ports:
- name: csi-s3-dummy
port: 65535
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: csi-s3-provisioner
namespace: csi-s3-storage
spec:
serviceName: "csi-provisioner-s3"
replicas: 1
selector:
matchLabels:
app: csi-s3-provisioner
template:
metadata:
labels:
app: csi-s3-provisioner
spec:
serviceAccount: csi-s3-provisioner-sa
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
containers:
- name: csi-provisioner
image: "quay.io/k8scsi/csi-provisioner:v2.1.0"
args:
- "--csi-address=$(ADDRESS)"
- "--v=4"
env:
- name: ADDRESS
value: /var/lib/kubelet/plugins/ru.yandex.s3.csi/csi.sock
imagePullPolicy: "IfNotPresent"
volumeMounts:
- name: socket-dir
mountPath: /var/lib/kubelet/plugins/ru.yandex.s3.csi
- name: csi-s3
image: "cr.yandex/crp9ftr22d26age3hulg/csi-s3:0.42.1"
imagePullPolicy: IfNotPresent
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(NODE_ID)"
- "--v=4"
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/kubelet/plugins/ru.yandex.s3.csi/csi.sock
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: socket-dir
mountPath: /var/lib/kubelet/plugins/ru.yandex.s3.csi
volumes:
- name: socket-dir
emptyDir: {}

As a result of executing the previous script, there should be a Pod created in the Project and after a little while the status should be “Ready” “2/2” for it.

Next, we are going to create the Driver itself and dependencies, to do so, we submitted the following YAML (sourced without additional modifications from https://github.com/yandex-cloud/k8s-csi-s3/raw/master/deploy/kubernetes/driver.yaml):

apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: ru.yandex.s3.csi
spec:
attachRequired: false
podInfoOnMount: true

There are no obvious results at the Cluster for the above operation.

Next, we are going to create the CSI itself and dependencies, to do so, we submitted the following YAML (sourced with additional modifications from https://github.com/yandex-cloud/k8s-csi-s3/raw/master/deploy/kubernetes/csi-s3.yaml):

apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-s3
namespace: csi-s3-storage
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-s3
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-s3
subjects:
- kind: ServiceAccount
name: csi-s3
namespace: csi-s3-storage
roleRef:
kind: ClusterRole
name: csi-s3
apiGroup: rbac.authorization.k8s.io
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: csi-s3
namespace: csi-s3-storage
spec:
selector:
matchLabels:
app: csi-s3
template:
metadata:
labels:
app: csi-s3
spec:
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- operator: Exists
effect: NoExecute
tolerationSeconds: 300
serviceAccount: csi-s3
containers:
- name: driver-registrar
image: "quay.io/k8scsi/csi-node-driver-registrar:v1.2.0"
args:
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
- "--v=4"
- "--csi-address=$(ADDRESS)"
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins/ru.yandex.s3.csi/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration/
- name: csi-s3
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: "cr.yandex/crp9ftr22d26age3hulg/csi-s3:0.42.1"
imagePullPolicy: IfNotPresent
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(NODE_ID)"
- "--v=4"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: stage-dir
mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: pods-mount-dir
mountPath: /var/lib/kubelet/pods
mountPropagation: "Bidirectional"
- name: fuse-device
mountPath: /dev/fuse
- name: systemd-control
mountPath: /run/systemd
volumes:
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: DirectoryOrCreate
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/ru.yandex.s3.csi
type: DirectoryOrCreate
- name: stage-dir
hostPath:
path: /var/lib/kubelet/plugins/kubernetes.io/csi
type: DirectoryOrCreate
- name: pods-mount-dir
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- name: fuse-device
hostPath:
path: /dev/fuse
- name: systemd-control
hostPath:
path: /run/systemd
type: DirectoryOrCreate

Next, we should grant some additional privileges required to the above Service Account to avoid errors like ‘forbidden: unable to validate against *** security context constraint’, to do so, we executed the following “oc” commands:

oc adm policy add-scc-to-user anyuid -z csi-s3 -n csi-s3-storage
oc adm policy add-scc-to-user privileged -z csi-s3 -n csi-s3-storage
oc adm policy add-scc-to-user hostmount-anyuid -z csi-s3 -n csi-s3-storage

We should receive responses like the below:

clusterrole.rbac.authorization.k8s.io/system:openshift:scc:anyuid added: "csi-s3"
clusterrole.rbac.authorization.k8s.io/system:openshift:scc:privileged added: "csi-s3"
clusterrole.rbac.authorization.k8s.io/system:openshift:scc:hostmount-anyuid added: "csi-s3"

As a result of executing the previous script, there should be a number (one per Worker Node) of additional Pods named like “csi-s3-<id>” created in the Project and after a little while the status for all of them should be “Ready” “2/2”.

The next step should be to create the Credentials to use to authenticate to the S3/COS Endpoint, for that, we submit the following YAML to the Cluster:

apiVersion: v1
kind: Secret
metadata:
name: "csi-s3-backup-secret"
namespace: "csi-s3-storage"
stringData:
accessKeyID: "${BACKUPS_S3_ACCESS_KEY_ID}"
secretAccessKey: "${BACKUPS_S3_SECRET_ACCESS_KEY}"
endpoint: "${BACKUPS_S3_ENDPOINT}"
insecure: "${BACKUPS_S3_ALLOW_INSECURE_CONNECTIONS}"
region: "${BACKUPS_S3_AMAZON_REGION}"

Notice that the proper Namespace and all the above-mentioned environment variables should be substituted. As noted, both the “endpoint” and “region” values should not be filled at the same time. A sample configuration for guidance with the values substituted appears below:

apiVersion: v1
kind: Secret
metadata:
name: "csi-s3-backup-secret"
namespace: "csi-s3-storage"
stringData:
accessKeyID: "4eb324cda65d99ab6fd534b89bef54d7"
secretAccessKey: "907babadbb1995f452c33241668a73cf9791cc10a030c78b9c477"
endpoint: "https://s3.us.cloud-object-storage.appdomain.cloud"
insecure: "true"
region: ""

Notice that in the above example we specified an Endpoint URL and no Region as it was not an Amazon S3 bucket.

The next step should be to create the Storage Class, by sending a YAML such as the below:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: "${BACKUPS_S3_STORAGE_CLASS_NAME}"
provisioner: ru.yandex.s3.csi
parameters:
mounter: geesefs
options: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666 --no-systemd"
bucket: "${BACKUPS_S3_BUCKET_NAME}"
csi.storage.k8s.io/provisioner-secret-name: csi-s3-backup-secret
csi.storage.k8s.io/provisioner-secret-namespace: csi-s3-storage
csi.storage.k8s.io/controller-publish-secret-name: csi-s3-backup-secret
csi.storage.k8s.io/controller-publish-secret-namespace: csi-s3-storage
csi.storage.k8s.io/node-stage-secret-name: csi-s3-backup-secret
csi.storage.k8s.io/node-stage-secret-namespace: csi-s3-storage
csi.storage.k8s.io/node-publish-secret-name: csi-s3-backup-secret
csi.storage.k8s.io/node-publish-secret-namespace: csi-s3-storage
reclaimPolicy: Delete
volumeBindingMode: Immediate

Notice that the “bucket” value may be present if we want to reuse a single bucket and treat PVCs as subfolders (recommented) or omitted (the whole line removed from the YAML) if we wanted to create a bucket per PVC as per considerations at the beginning of the post. Also, review the “reclaimPolicy” and “volumeBindingMode” values as desired for the Storage Class.

Also, note the Memory Limit to configure on the Storage Class for the GeeseFS mounter. Normally there should be no need to increase the default value unless stated in a new version of the provisioner. The default value as above is “1000”.

Maximo Application Suite Security Bulletins

Darlene Nerden — Wed, 02 Jul 2025 14:13:41 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods –

https://www.ibm.com/support/pages/node/7235730?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025- Includes Oracle Apr 2025 CPU –

https://www.ibm.com/support/pages/node/7235945?myns=swgother&mynp=OCSSLL9G&mynp=OCSS5RRF&mynp=OCSSLLAM&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSLL8M&mynp=OCSSG2D3&mynp=OCSSKVFR&mynp=OCSSLL9Z&mynp=OCSSWT9A&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSS5RRF-OCSSLLAM-OCSSLKT6-OCSSLL84-OCSSLL8M-OCSSG2D3-OCSSKVFR-OCSSLL9Z-OCSSWT9A-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnerabilities on z/OS (CVE-2025-1470,CVE-2025-1471,CWE-787) –

https://www.ibm.com/support/pages/node/7235947?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104) –

https://www.ibm.com/support/pages/node/7235948?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-OCSSG2D3-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKT6-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector is vulnerable to next-15.1.7.tgz CVE-2025-29927 –

https://www.ibm.com/support/pages/node/7236779?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector is vulnerable to axios-1.7.7.tgz, axios-1.7.9.tgz CVE-2025-27152 –

https://www.ibm.com/support/pages/node/7237295?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.9.tgz CVE-2025-27152 –

https://www.ibm.com/support/pages/node/7237336?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791" –

https://www.ibm.com/support/pages/node/7237928?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2022-40897, CVE-2024-6345" –

https://www.ibm.com/support/pages/node/7237930?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Truststore Manager uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797. –

https://www.ibm.com/support/pages/node/7237923?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152 –

https://www.ibm.com/support/pages/node/7237932?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791" –

https://www.ibm.com/support/pages/node/7237933?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses jinja2-3.1.5-py3-none-any.whl and prismjs-1.29.0.tgz which is vulnerable to CVE-2025-27516 and CVE-2024-53382 This bulletin contains information regarding the vulnerability and its fixture. –

https://www.ibm.com/support/pages/node/7237931?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple Python packages which is vulnerable to "CVE-2024-3651, CVE-2023-32681, CVE-2024-35195, CVE-2024-37891" –

https://www.ibm.com/support/pages/node/7237927?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

https://www.ibm.com/support/pages/node/7237926?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses jetty-http-10.0.22.jar and jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516 and CVE-2024-6763 –

https://www.ibm.com/support/pages/node/7237938?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. –

https://www.ibm.com/support/pages/node/7237937?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Truststore Manager uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to CVE-2025-27516. –

https://www.ibm.com/support/pages/node/7237939?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010 –

https://www.ibm.com/support/pages/node/7237940?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395 –

https://www.ibm.com/support/pages/node/7237955?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses commons-io: 2.7 which is vulnerable to CVE-2024-47554 –

https://www.ibm.com/support/pages/node/7237956?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565 vulnerability –

https://www.ibm.com/support/pages/node/7237961?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486 –

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486

Security bulletin: Security Bulletin: There is a vulnerability in poi-ooxml-5.3.0.jarused by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-31672) –

https://www.ibm.com/support/pages/node/7238116?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in flask-3.1.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-47278) –

https://www.ibm.com/support/pages/node/7238117?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in prism-1.28.0.jsused by IBM Maximo Asset Management application ( CVE-2024-53382) –

https://www.ibm.com/support/pages/node/7238118?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cookie-0.4.1.tgz which is vulnerable to CVE-2024-47764 –

https://www.ibm.com/support/pages/node/7238315?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-30208 –

https://www.ibm.com/support/pages/node/7238342?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7238343?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses braces-3.0.2.tgz which is vulnerable to CVE-2024-4068 –

https://www.ibm.com/support/pages/node/7238345?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31125 –

https://www.ibm.com/support/pages/node/7238347?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796 –

https://www.ibm.com/support/pages/node/7238348?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses serialize-javascript-4.0.0.tgz which is vulnerable to CVE-2024-47554 –

https://www.ibm.com/support/pages/node/7238344?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590 –

https://www.ibm.com/support/pages/node/7238490?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067 –

https://www.ibm.com/support/pages/node/7238489?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538 –

https://www.ibm.com/support/pages/node/7238492?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799 –

Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-7.5.9.tgz which is vulnerable to CVE-2024-37890 –

https://www.ibm.com/support/pages/node/7238497?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800 –

https://www.ibm.com/support/pages/node/7238495?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7238499?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798 –

https://www.ibm.com/support/pages/node/7238496?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565 –

https://www.ibm.com/support/pages/node/7238500?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789 –

https://www.ibm.com/support/pages/node/7238501?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255 –

Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255

We're here to help you stay secure, compliant, and confident in your Maximo deployment.

Maximo Application Suite Security Bulletins June 2025

Darlene Nerden — Wed, 04 Jun 2025 11:17:38 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536 –

https://www.ibm.com/support/pages/node/7234592?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to lightgbm-4.5.0-py3-none-manylinux_2_28_x86_64.whl CVE-2024-43598 –

https://www.ibm.com/support/pages/node/7234920?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965 –

https://www.ibm.com/support/pages/node/7235025?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2025-1194 –

https://www.ibm.com/support/pages/node/7235027?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.64.crate CVE-2025-24898 –

https://www.ibm.com/support/pages/node/7235026?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl CVE-2025-27516 –

https://www.ibm.com/support/pages/node/7235028?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416 –

https://www.ibm.com/support/pages/node/7235029?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cxf-core-3.5.5.jar, cxf-core-4.0.5.jar CVE-2025-23184 –

https://www.ibm.com/support/pages/node/7235030?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to http-proxy-middleware-2.0.7.tgz CVE-2025-32997 –

https://www.ibm.com/support/pages/node/7235032?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Liberty which is vulnerable to a denial of service due to Netty CVE-2024-47535 –

https://www.ibm.com/support/pages/node/7235031?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component : Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used –

https://www.ibm.com/support/pages/node/7235163?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz, Kubectl-1.22.4 and Websphere Liberty - 24.0.0.11 which is vulnerable to CVE-2025-27152, CVE-2024-47535, CVE-2024-24791, CVE-2024-45336, CVE-2024 –

https://www.ibm.com/support/pages/node/7235181?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses netty-common-4.1.115.Final.jar which is vulnerable to CVE-2025-25193 –

https://www.ibm.com/support/pages/node/7231159?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses commons-codec-1.11.jar, okio-jvm-3.0.0.jar, jetty-http-10.0.24.jar and jetty-server-10.0.24.jar which is vulnerable to CVE-2020-8908, CVE-2023-2976, CVE-2024-6763, CVE-2023-3635 –

https://www.ibm.com/support/pages/node/7235178?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797 –

https://www.ibm.com/support/pages/node/7230838?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend) –

https://www.ibm.com/support/pages/node/7235410?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.18-py3-none-any.whl CVE-2025-26699 –

https://www.ibm.com/support/pages/node/7235414?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component in IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184) –

https://www.ibm.com/support/pages/node/7235415?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050 –

https://www.ibm.com/support/pages/node/7235416?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Stay in the loop on all the latest Security Bulletins by signing up for our Security Updates.

Maximo Spatial Tools Available in MAS 9

Suraj Singh — Thu, 22 May 2025 15:38:05 GMT

Hello Everyone,

Recently, I had a few questions thrown to me about the Maximo Spatial tools, especially after the new release in MAS 9. With some changes in the Map, I thought it might be important to highlight some tools that are available to you with Maximo Spatial.

The new MAS 9 release comes with a new map, where tools from the previous version were consolidated, while some were moved to different places for efficiency. In the table below, I will highlight these tools, and briefly discuss how you can find and use them.

When opening the Map, you are presented with six (6) options. See the image below.

Each of these tools are described in the table below:

With these main tools described above, we can further expand these with a bit more detail. In most cases, additional tools become available within each main tool.

Layer tool and Identify tool

The first is the layer and identify tool. Since the layer tool does not have many other tools within it, I combined them with the tools you can find within the Identify tool. The next two images below display the tools when initially selected.

Layer Tool

Identify Tool

The table below further describe the sub-tools within the layer and identify.

Query tool

The next main tool is the query tool. This allows searching the GIS feature objects for data selected within the criteria. The image below shows the original image of the layers tool.

The table following expand on the tools available from the query tool, as seen in the image above.

Results tool

The results tool is used to hold data returned from any search completed, particularly from the query tool. The image below displays how the result tool appears before a search.

Sketch

Finally, the sketch tool is available to add any shapes, text or measurements onto the Map. This tool is useful when trying to get information about in sizing, or adding notes to nearby features. The following image is the sketch tool when initially selected.

In the image above, the sketch tool also has additional sub tools available to be used to add details to the map. The table below describes the functionality of each.

That should cover the tools that are available on the map.

Now that you’re familiar with the powerful Spatial tools in MAS 9, it’s time to put them to work! Whether you're streamlining workflows, optimizing maps, or enhancing your operations, these tools are designed to boost efficiency.

Want to learn more? Dive deeper into Maximo solutions and see how they can transform your organization. If you have any questions, or would like to know more about these tools, please feel free to reach out to Interloc. Visit our website today!

Maximo Application Suite Security Bulletins

Darlene Nerden — Mon, 19 May 2025 16:36:52 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Jinja is an extensible templating engine. Jinja sandboxed environment interacts with the attr filter allows an attacker to attack. –

https://www.ibm.com/support/pages/node/7231957?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to a possible denial-of- service for Python-idna CVE-2024-3651 –

https://www.ibm.com/support/pages/node/7232477?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-context-6.1.11.jar CVE-2024-38820 –

https://www.ibm.com/support/pages/node/7232479?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Location Service for ESRI Component uses multiple vulnerable libraries and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7232050?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797 –

https://www.ibm.com/support/pages/node/7232597?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791 –

https://www.ibm.com/support/pages/node/7232611?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to idna-0.1.5.crate, idna-0.5.0.crate CVE-2024-12224 –

https://www.ibm.com/support/pages/node/7232914?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses netty-handler-4.1.108.Final.jar which is vulnerable to CVE-2025-24970 –

https://www.ibm.com/support/pages/node/7230843?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite -Iot Component uses netty-handler-4.1.114.Final.jar which is vulnerable to CVE-2025-24970 –

https://www.ibm.com/support/pages/node/7232916?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses Python-3.11 which is vulnerable to CVE-2024-4032 –

https://www.ibm.com/support/pages/node/7232917?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827 –

https://www.ibm.com/support/pages/node/7233209?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-handler-4.1.117.Final.jar CVE-2025-24970 –

https://www.ibm.com/support/pages/node/7233208?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.117.Final.jar CVE-2025-25193 –

https://www.ibm.com/support/pages/node/7233210?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.17-py3-none-any.whl CVE-2024-56374 –

https://www.ibm.com/support/pages/node/7233211?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2024-12720 –

https://www.ibm.com/support/pages/node/7233212?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.5-py3-none-any.whl CVE-2025-27516 –

https://www.ibm.com/support/pages/node/7233361?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827 –

https://www.ibm.com/support/pages/node/7233372?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-common-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-25193)

https://www.ibm.com/support/pages/node/7233723?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Asset Management is vulnerable to Apache poi-ooxml-3.9-20121203 in BIRT (CVE-2016-5000, CVE-2017-12626, CVE-2017-5644, CVE-2019-12415, CVE-2022-26336) –

https://www.ibm.com/support/pages/node/7233724?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in WebSphere Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-47535) –

https://www.ibm.com/support/pages/node/7233725?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Proactive Monitoring in Health and Industry: Parallels Between Dexcom G7 and IBM Maximo Monitor.

Joe Mendoza — Tue, 13 May 2025 22:08:26 GMT

Asset Performance Management (APM) for the human body and your critical assets.

On an early morning towards the end of April of 2025, just before 3:00 a.m., I was awakened by a notification on my phone. A close family member had shared their glucose monitoring data with me through their Dexcom G7 system—a state-of-the-art continuous glucose monitoring (CGM) device designed to help individuals with diabetes manage their blood sugar levels more effectively.

Turning Data into Action: The Power of Predictive Software

The Dexcom G7 uses a small sensor inserted just under the skin—typically on the abdomen or upper arm. The tip of the sensor is coated with an enzyme that reacts with glucose in the interstitial fluid. This reaction generates an electrical signal proportional to the glucose concentration, which is then converted into a digital glucose value. The system transmits this data wirelessly every five minutes to a connected smartphone, providing real-time glucose readings, trends, and alerts that can also be shared with caregivers or loved ones.

The notification I received was triggered because their glucose level had dropped below 4.0 mmol/L—a potentially dangerous low. Thanks to the real-time alert, my family member was able to quickly respond by taking glucose tablets, and within 15 minutes their level had risen safely to 5.8 mmol/L.

This technology is truly remarkable. The ability to detect and respond to a critical drop in glucose levels within minutes likely prevented a serious medical emergency and an unnecessary trip to the emergency room.

Imagine having this level of technology applied to your critical assets—the ability to capture real-time sensor readings to prevent equipment failure before it happens. That’s exactly what IBM Maximo Monitor delivers, one of many Asset Performance Management (APM) applications available to you with Maximo Application Suite.

Maximo Monitor: A Game-Changer in Asset Performance Management (APM)

Maximo Monitor enables continuous monitoring of asset health by integrating real-time sensor data such as temperature, vibration, and pressure. These readings can be analyzed to detect anomalies or trends that indicate potential issues—much like how a continuous glucose monitor provides critical health information to diabetic patients.

Just as patients can treat a drop in blood glucose before it becomes dangerous, maintenance teams can proactively respond to abnormal equipment readings before a failure leads to costly downtime. Once predefined thresholds are breached, Maximo Monitor automatically flags the issue, allowing remediation to begin immediately.

The diagram below illustrates a real-world example: amp readings on a pump exceed the maximum threshold, signaling that immediate attention is required. With Maximo Monitor, this type of insight turns reactive maintenance into proactive decision-making.

How Proactive Monitoring Software Prevents Downtime

In addition to capturing real-time sensor data, Maximo Monitor includes built-in anomaly detection capabilities. This functionality provides advanced analytics to identify deviations from normal operating patterns—offering valuable insights when sensor readings suggest potential issues. In situations where you might not know upper and lower limit thresholds of your incoming readings, this will help to identify anomalous readings.

The diagram below illustrates anomaly detection results, highlighting spikes that occurred simultaneously with spikes in amp readings. This correlation provides strong evidence that the asset's performance has deviated from expected behavior and warrants further investigation.

Building a Smarter Strategy with Data-Driven Monitoring

Just as the Dexcom G7 revolutionized diabetes management by enabling real-time glucose monitoring and proactive intervention, IBM Maximo Monitor brings the same level of intelligence and responsiveness to asset management. Both solutions demonstrate the power of continuous monitoring, data-driven insights, and early alerts to prevent critical failures—whether in human health or industrial operations.

Final Thoughts: Why Businesses Need Intelligent Monitoring Tools

By leveraging real-time sensor data and anomaly detection, Maximo Monitor empowers organizations to shift from reactive to predictive maintenance, reducing downtime, optimizing performance, and safeguarding critical infrastructure. In both cases, the principle is the same: timely information leads to timely action—and that can make all the difference.

Transform your asset management strategy with real-time insights. Don’t wait for failures—predict and prevent them with Maximo Monitor. Ready to shift from reactive to proactive maintenance? Let’s talk today!

Maximo Application Suite Security Bulletins

Darlene Nerden — Tue, 29 Apr 2025 15:38:51 GMT

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791 –

https://www.ibm.com/support/pages/node/7230241?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820 –

https://www.ibm.com/support/pages/node/7230258?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to CVE-2024-37891 –

https://www.ibm.com/support/pages/node/7230256?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7230259?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27516) –

https://www.ibm.com/support/pages/node/7230451?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in pandas-2.2.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-9880) –

https://www.ibm.com/support/pages/node/7230553?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037 –

https://www.ibm.com/support/pages/node/7230567?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2024-40094 –

https://www.ibm.com/support/pages/node/7230568?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184 –

https://www.ibm.com/support/pages/node/7230463?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7230570?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195 –

https://www.ibm.com/support/pages/node/7230834?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565 –

https://www.ibm.com/support/pages/node/7230837?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195 –

https://www.ibm.com/support/pages/node/7230836?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system –

https://www.ibm.com/support/pages/node/7230841?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763 –

https://www.ibm.com/support/pages/node/7230462?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses jackson-mapper-asl-1.9.2.jar which is vulnerable to CVE-2019-10172, CVE-2019-10202 –

https://www.ibm.com/support/pages/node/7230842?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24963,CVE-2025-24964) –

https://www.ibm.com/support/pages/node/7230917?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791 –

https://www.ibm.com/support/pages/node/7230927?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382 –

https://www.ibm.com/support/pages/node/7230929?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797 –

https://www.ibm.com/support/pages/node/7231157?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2025-25193 –

https://www.ibm.com/support/pages/node/7231158?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-12797) –

https://www.ibm.com/support/pages/node/7231784?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Maximo Asset Management 7.6.1x Security Bulletins

IBM has released Maximo Asset Management Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle Oct 2024 CPU –

https://www.ibm.com/support/pages/node/7230554?myns=swgother&mynp=OCSSWT9A&mynp=OCSSKVFR&mynp=OCSSLLAM&mynp=OCSSG2D3&mynp=OCSS5RRF&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLL9G&mynp=OCSSLL8M&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSWT9A-OCSSKVFR-OCSSLLAM-OCSSG2D3-OCSS5RRF-OCSSLKT6-OCSSLL84-OCSSLL9Z-OCSSLL9G-OCSSLL8M-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: IBM Maximo Asset Management is vulnerable to Server-Side Request Forgery (SSRF) + Information Disclosure (CVE-2025-2987) –

https://www.ibm.com/support/pages/node/7231390?myns=swgother&mynp=OCSSLLAM&mynp=OCSSLL84&mynp=OCSS5RRF&mynp=OCSSLL9Z&mynp=OCSSLL9G&mynp=OCSSLL8M&mynp=OCSSKVFR&mynp=OCSSWT9A&mynp=OCSSLKT6&mynp=OCSSG2D3&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLLAM-OCSSLL84-OCSS5RRF-OCSSLL9Z-OCSSLL9G-OCSSLL8M-OCSSKVFR-OCSSWT9A-OCSSLKT6-OCSSG2D3-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (WebSphere Application Server traditional is vulnerable to SSRF) –

https://www.ibm.com/support/pages/node/7231786?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSKVFR-OCSSG2D3-OCSSLKT6-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKSJ-_-E

Security bulletin: Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2025-2986) –

https://www.ibm.com/support/pages/node/7231785?myns=swgother&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSG2D3&mynp=OCSSWT9A&mynp=OCSSLLAM&mynp=OCSSLKSJ&mynp=OCSS5RRF&mynp=OCSSLL9Z&mynp=OCSSLL8M&mync=E&cm_sp=swgother-_-OCSSLL9G-OCSSKVFR-OCSSLKT6-OCSSLL84-OCSSG2D3-OCSSWT9A-OCSSLLAM-OCSSLKSJ-OCSS5RRF-OCSSLL9Z-OCSSLL8M-_-E

Streamlining Asset Management Operations: Exploring IBM Maximo Manage

Khalid Sayyed — Fri, 25 Apr 2025 14:38:52 GMT

As we continue our exploration of the IBM Maximo Application Suite (MAS), our next application in focus is IBM MAS Manage - the heart of Maximo Application Suite, which brings all applications together. In today’s asset-intensive industries, success hinges on the ability to efficiently manage physical assets across their entire lifecycle. Organizations require more than just a static asset register—they need a dynamic, integrated solution that can handle complex workflows, ensure compliance, and drive performance. IBM Maximo Manage, a core application within the Maximo Application Suite (MAS), delivers exactly that.

The Heart of Enterprise Asset Management (EAM)

Maximo Manage is the operational backbone of IBM MAS. It offers comprehensive Enterprise Asset Management capabilities, empowering organizations to plan, track, and optimize asset performance while reducing downtime and operational costs. Whether you’re overseeing utilities, transportation, manufacturing, or facilities, Maximo Manage provides the tools to manage assets, work orders, inventory, and procurement—all in one unified environment.

Key Capabilities That Drive Results

Work Management: Create, schedule, and track work orders seamlessly. Maximo Manage supports preventive, corrective, and condition-based maintenance, enabling teams to proactively maintain assets before failures occur.
Asset Lifecycle Management: From acquisition to decommissioning, Maximo helps track every detail of an asset's life. Users can monitor usage, history, warranties, and performance metrics to maximize asset value.
Inventory & Procurement: With integrated supply chain functionality, Maximo ensures critical parts and materials are available when needed, reducing delays and unplanned downtime.
Job Plans & Safety: Standardize maintenance activities with job plans, while ensuring compliance through safety plans, permits, and risk assessments embedded in workflows.
Mobile Access & Automation: Integrated with Maximo Mobile, technicians can access asset data and work orders on the go, and automation tools help reduce manual tasks and enhance productivity.

Seamless Integration Across MAS

What sets Maximo Manage apart is its ability to integrate natively with other MAS applications like Monitor, Health, and Predict. Real-time alerts from Maximo Monitor can trigger work orders in Manage. Asset condition scores from Maximo Health can influence maintenance prioritization. Predictions from Maximo Predict can automate preventive maintenance workflows.

Together, these applications create a connected ecosystem—driven by AI, IoT, and analytics—to support data-informed decisions across operations.

Maximo Monitor ↔ Maximo Manage:

Real-time sensor reading, alerts and anomalies from Monitor can generate or escalate work orders in Manage.
Asset and location hierarchy data from Manage is shared with Monitor for contextual visualization and event correlation.

Maximo Health ↔ Maximo Manage:
Asset health scores and degradation trends from Health prioritizes the maintenance tasks in Manage. Either creating a new CM or pulling ahead a future PM work order.
The following data from Manage is used in Health for creating Health Scores.
- Installation Date, Design Life – Asset’s Age/ Remaining Useful Life
- Lead Time – Time to acquire replacement
- Meters – To get sensor reading into Health Scores
- PMs – Next PM Due Data
- Maintenance Cost – Replacement to Repair Ration
- Failure Data – Mean Time Between Failure

Maximo Predict ↔ Maximo Manage

Failure predictions from Predict can trigger condition-based or predictive maintenance work orders in Manage.
Work execution data from Manage (e.g., how often assets fail after a certain threshold of IOT readings) helps retrain Predict’s AI models for greater accuracy.

With that, I’ll sign off for now—stay tuned for more insights into the innovative features and functionalities of the Maximo Application Suite! Meanwhile, consider exploring how IBM MAS Manage connects workflows across your organization to drive efficiency and collaboration. Don't forget the FREE MAS Upgrade will be going away soon. Click to get started!

Leveling the Playing Field: Methods to getting better LOEs

Joe Battle — Mon, 21 Apr 2025 18:32:13 GMT

Hey there, fellow functional consultants! I’m fairly new to the field, but I’ve already discovered some game-changing strategies for tackling one of our biggest challenges: estimating the Level of Effort (LOE) for a Maximo implementation. If you’ve ever felt overwhelmed trying to figure out how much time and resources a project will take, you’re not alone. But don’t worry—PMP estimation techniques can help us all level the playing field. Let me share my journey and how these techniques have become my secret weapons.

The Playing Field: Understanding Level of Effort (LOE)

Picture this: you’re standing on a rough, uneven playing field. You’ve got a Maximo implementation ahead of you, specifically setting up the Work Order Tracking application with Preventative Maintenance (PM) and Job Plans. LOE is your game plan, the key to navigating this tricky terrain. Accurate estimates mean we can plan our resources, budgets, and timelines more effectively, making our projects smoother and more successful.

The MVPs: Key PMP Estimation Techniques

To turn this uneven playing field into a level one, we need some Most Valuable Players (MVPs) on our side. I’ve found that these PMP estimation techniques are like having a dream team:

1. Expert Judgment
2. Analogous Estimating
3. Parametric Estimating
4. Three-Point Estimating
5. Bottom-Up Estimating

Expert Judgment: Learning from the Veterans

Description: This technique is about tapping into the experience of seasoned pros, much like seeking advice from a veteran coach.

Application Example: When I was setting up PM schedules in Maximo for the first time, I reached out to a senior coworker. They had done this countless times and told me that it typically takes about 40 hours. Their expert judgment gave me a reliable starting point and boosted my confidence.

Analogous Estimating: Drawing Parallels

Description: Analogous Estimating involves using the duration of similar past projects to estimate the current effort, like executing a well-known play.

Application Example: I had previously worked on a similar Maximo upgrade discovery report using multiple applications, which took, let’s say 80 hours. A new project for a manufacturing client seemed similar in size & processes, I would used that 80-hour estimate as a baseline. It made my task less daunting and more familiar.

Parametric Estimating: Crunching the Numbers

Description: This technique uses statistical relationships, like a statistician calculating game odds.

Application Example: From historical data, I knew setting up one PM schedule in Maximo, let’s say, takes about 2 hours. For a project needing 20 schedules, I simply multiplied: 2 hours per schedule times 20 schedules equals 40 hours. This straightforward calculation gave me a precise estimate.

Three-Point Estimating: Balancing the Scenarios

Description: Three-Point Estimating is about considering different scenarios—optimistic, pessimistic, and most likely.

Application Example: For creating job plans, I estimated the best-case scenario at 30 hours, the worst-case at 70 hours, and the most likely at 50 hours. Using the three-point formula:

LOE = (30+50 +70)/3

This method helped me prepare for uncertainties and ensured a balanced approach.

Bottom-Up Estimating: Breaking It Down

Description: This technique involves breaking down the project into smaller tasks, like a tactician mapping out every move.

Application Example: For the Maximo implementation, I broke down the tasks:

Configure PM application: 10 hours

Create job plans: 20 hours

Test PM schedules: 10 hours

Train users: 10 hours

Summing these estimates gave a total LOE of 50 hours. This detailed breakdown ensured I covered all bases and left no surprises.

Conclusion

Using PMP estimation techniques to level the playing field in Maximo implementation projects has become a game-changer for me. Whether you’re leveraging the wisdom of Expert Judgment, the strategic insights of Analogous Estimating, the precision of Parametric Estimating, the balanced approach of Three-Point Estimating, or the detailed planning of Bottom-Up Estimating, these techniques can help you navigate even the most challenging projects.

If you’re feeling overwhelmed by the task of providing LOEs, I encourage you to give these techniques a try. They’ve transformed how I approach my projects, and I’m confident they’ll do the same for you. Let’s level the playing field together and achieve more accurate, successful Maximo implementations!

Maximo Health: A Powerful Tool for Smarter Decision-Making

Kevin Wertz — Mon, 21 Apr 2025 18:31:11 GMT

When managing physical assets—whether they’re pipelines, pumps, trains, boilers, generators, you name it! —one of the most pressing questions is: What’s their current condition? Understanding asset health is FOUNDATIONAL to effective maintenance planning, risk management, and cost optimization. That’s where Maximo Health comes in.

Here at Interloc, we’re super excited about the new Maximo Health. It comes with Maximo MAS 8 and 9 as part of the new “application suite” (the “AS” in “MAS”). In the past this has been referred to as “Asset Health Insights” and you may even hear it referred to as “Maximo Asset Health”, but the new official name is Maximo Health. This new module is fully integrated with Maximo Manage (in case you’re still on an older version of Maximo, “Manage” in MAS 8/9 is the new name for the Maximo we’ve all come to know and love over the years). We’ve now completed two Health implementation projects and working on a third. We love the potential we see in Health to greatly cut costs and, very importantly, downtime, which can severely affect your bottom line.

In this blog post, I want to give you an overview of what Maximo Health is, why it matters, and how it can help your organization move toward more proactive and informed asset management. Consider this your introduction to the tools, concepts, and benefits of Health. But just a quick note, I’ll be leaving out screen shots of Health since my colleague Khalid included lots of screen shots in his Health post back in October. You can see his entry here if you’d like to check out what Maximo Health looks like.

What Is Maximo Health?

Just what is Maximo Health? At its core, Health leverages data to provide a snapshot of the current state of your assets. It combines information from various sources—like asset age, expected life, maintenance history, sensor data, condition monitoring, and even external factors such as weather forecasts or regulatory requirements if you want—and boils it down to a health score.

This score is a single, easily interpretable value that helps you quickly assess which assets are running smoothly and which might be at risk of failure. And for organizations with thousands (or even millions) of assets, that kind of visibility is HUGE.

But it doesn’t stop there. Maximo Health also enables users to identify trends, prioritize maintenance tasks, and justify investment decisions. Essentially, it’s the Elmers glue between operations, maintenance, and strategy.

Why Asset Health Matters

Health tools in Maximo MAS 8 and 9 bridge the gap between reactive and proactive asset management. For years, many organizations relied on reactive maintenance—fixing assets only after they failed—or periodic preventive maintenance based on manufacturer recommendations, even if those schedules didn’t align with the actual conditions of the assets. Do you have a regularly scheduled review to tighten up the PM schedules of aging assets? For most of you reading this, I’m gonna take a wild guess and go with a NO on that.

So these approaches can lead to inefficiencies, from unexpected downtime to wasted resources on unnecessary maintenance.

Maximo Health, by contrast, empowers you to:

Reduce Unplanned Downtime: By catching issues before they escalate, you can keep assets in service longer and avoid costly disruptions.
Extend Asset Life: A well-maintained asset lasts longer, and health monitoring helps you intervene at the right time.
Prioritize Work: Not every maintenance task is critical. Asset health scores let you focus on what truly matters.
Justify Capital Expenditures: Need to replace a critical pump? An asset health score provides hard data to back up your funding requests.

How Maximo Calculates Asset Health

One of the most exciting features of Maximo Health is how customizable it is. The system allows organizations to tailor their health scoring models to align with their specific needs and priorities.

Here’s a high-level breakdown of how it works:

1. Scoring Groups
Assets are often grouped by type, function, or criticality. For example, you might have one scoring group for boilers and another for generators. Each type of asset, defined as a scoring group, can have its own scoring model based on the data most relevant to those types of assets.

2. Scores
I’ve mentioned the Health score several times, and indeed that is the score we are typically most interested in. But there are other scores as well that are typically added to the scoring groups. For example, there is a Criticality score that can be a very simple calculation based on your asset’s priority field value. The Risk score in Maximo Health typically reflects the likelihood of asset failure or operational disruption. MAS includes a good out-of-box risk contributor based on the asset’s criticality and its current health score, but your risk score can be customized to what you want.

3. Contributors
These are the factors that influence an asset’s health score. Contributors can include things like:

Asset age and usage patterns
Work order history (number of corrective or preventive tasks), Mean time between failures (MTBF)
Meter readings (Run hours, steam pressure, etc)
External risks (weather, location, etc.)

4. Weighting and Aggregation
Once you’ve defined your contributors, Maximo lets you assign weights to them based on their importance. For example, the asset’s age might account for 50% of an asset’s health score, while work order history counts for 30% and a run hours meter counts for 20%. The system then combines these into a single score.

5. Health Indicators
Maximo provides a color-coded dashboard to display health indicators: green for healthy, yellow for caution, and red for assets requiring immediate attention.

This flexible framework means you’re not locked into a one-size-fits-all model. Instead, you can continuously refine your scoring models as your understanding of asset performance evolves. For example, want to change the weighting of your health score on a scoring group to give work order aging 10% more and asset age 10% less? This can be done within minutes.

Integrating Health with Maximo’s Ecosystem

I’ve already mentioned how Health is seamlessly integrated with your assets in Manage. But one of the biggest strengths of Maximo Health is its ability to integrate seamlessly with other modules and tools in the new Maximo Application Suite, such as:

Maximo Monitor: For real-time condition monitoring using IoT sensors.
Predictive Maintenance: Asset health scores can feed directly into predictive algorithms, helping you anticipate failures.
Work Management: Health helps prioritize and generate work orders for at-risk equipment.
Inspections: Use asset health scores to focus inspection efforts on high-risk areas.

This integration allows you to move beyond just monitoring health and toward acting on it. For example, if an asset’s health score drops below a certain threshold, we can configure an escalation in Manage to alert you, we can create an automation script to automatically generate a work order, or both!

Health in Action: A Simple Example

Let’s say your organization manages a fleet of vehicles, and one of your contributors is oil analysis. The system detects that the oil in one of your trucks contains high levels of contaminants, which lowers its health score from 85 (healthy) to 65 (caution).

Because of this drop, you see the asset score turn yellow and you generate a work order for an oil change, then flag the truck for further inspection. By catching the issue early, you avoided engine damage that could have taken the truck out of service for weeks.

Now multiply this example across your entire fleet, and you start to see the value of having a data-driven approach to the health of your assets.

Getting Started with Maximo Health

Implementing Maximo Health for your assets can feel overwhelming at first, especially if your organization is still heavily reliant on reactive maintenance. But the good news is, you don’t have to do it all at once.

Why not just start with your most critical assets? Focus on the equipment that has the highest impact.

Define your scoring models…this means working with your stakeholders to identify the contributors that matter most for the asset types.

Leverage your existing data: will it take a long time to enter all the installation dates and the manufacturer-supplied expected life for your assets that you haven’t entered already? That’s ok! You have work orders, right? You can get MTBF, work order aging, and a count of CM work orders from that existing data. You can add the asset age contributors once you have the data in place.

Next Steps

We hope to bring you more blog entries about Maximo Health in the future.

So, what’s your next step in the journey toward better asset health? Of course, Interloc is well-equipped to help you implement Health. Click here to contact us to start your asset health journey.

The key takeaway: Maximo Health isn’t just about numbers on a dashboard. It’s about enabling better decisions, reducing risk, and maximizing value. With the right approach, this awesome tool can transform how you manage your assets and give your team the confidence to tackle challenges head-on.

We hope to talk to you soon about how you can take advantage of Maximo Health. But first things first! Remember that the Health module comes with MAS 8/9. If you’re not on MAS 8/9 yet, what are you waiting for?!

Choosing the Best Maximo Mobile Solution: How to Find the Right Fit

Aaron Hermes — Wed, 16 Apr 2025 12:53:53 GMT

As mobile technology advances, businesses using IBM Maximo are searching for ways to extend its capabilities into the field. Solutions range from home-grown applications to specialized tools like Maximo Mobile and Mobile Informer—but how do you determine the right fit?

There isn’t a single “best” solution. Each mobile tool serves different needs, and choosing the wrong one can lead to inefficiencies, poor adoption, and wasted investment. Think of it like wearing the wrong-sized shoes—if they don’t fit properly, they cause discomfort and don’t serve their purpose.

Finding the Right Fit for Your Business

The first step is understanding what you need from a mobile solution. Maximo offers a wide range of features, but not every function needs to be accessible in the field. Are your workflows standard, or is your Maximo setup customized? Some solutions work best with out-of-the-box processes, while others support tailored implementations. If you rely on custom configurations, ensure your mobility tool won’t limit your system’s full functionality.

The Role of Offline Usability

Not all mobile solutions provide equal offline capability. If your team works in remote locations or areas with unreliable connectivity, offline performance becomes critical. Some tools offer basic offline access, while others—like Mobile Informer—were built specifically to enable seamless offline work, allowing users to complete tasks and sync data later.

Maximizing Efficiency with Mobile Informer

Since its inception in 2010, Mobile Informer has prioritized real-world usability, ensuring uninterrupted work online or offline. Whether updating work orders, tracking inventory, or validating assets, users can operate without disruptions.

If mobility is a priority, selecting the right tool ensures maximum efficiency and ROI. Discover how Mobile Informer can optimize your Maximo experience today!

Finding the right Maximo mobility solution isn’t just about picking a tool—it’s about choosing the right fit for your business needs. Whether you need seamless customization, powerful offline functionality, or an intuitive user experience, selecting the right solution ensures maximized efficiency and ROI.

Don’t settle for limitations. Choose mobility without compromise.

Ready to optimize Maximo mobility? See Mobile Informer in action today!

Start now—connect with a Mobile Solutions Expert and unlock the full potential of Maximo mobility.

Schedule Your Demo Today!

The Power of Governance: Establishing a Maximo Steering Committee for Prioritization and Alignment

Kevin Wertz — Wed, 09 Apr 2025 15:38:42 GMT

Welcome back! Last year I did a two-part series of blog posts talking about the importance of a Maximo roadmap for projects, large changes, and support. In that series, I mentioned the importance of establishing a governance meeting, so I thought as a continuation of that series of posts that I would cover this topic. Let’s go!

When managing an enterprise asset management system like Maximo, one of the greatest challenges is balancing competing priorities from different departments and stakeholders. As an engineering, maintenance, or IT professional that plays a key role in the Maximo system at your company, you've probably found yourself in situations where multiple managers submit requests for changes or enhancements, each claiming theirs is the top priority. Or maybe it’s the same manager that can’t seem to make up their mind! Without a clear structure to evaluate and align these requests with the organization’s overall goals, it’s easy to end up in a state of chaos—frequent task-switching, delayed projects, and frustrated teams.

A governance meeting—or Maximo Steering Committee—can solve these challenges by providing a forum for key stakeholders to evaluate, prioritize, and approve changes and projects in a structured way. Below, I’ll share the purpose of such a meeting, key benefits, practical steps for setting one up, and a personal anecdote to illustrate its impact.

Why a Governance Meeting?

Governance meetings are more than just check-ins; they’re strategic forums where decision-making happens. Specifically for Maximo, they allow stakeholders to:

Prioritize Requests: Decide which proposed changes, enhancements, or integrations align with organizational objectives and deserve immediate attention.

Allocate Resources Wisely: Ensure time, budget, and technical resources are spent on high-value initiatives.

Maintain Transparency: Provide visibility into the Maximo team's workload, timelines, and progress for everyone involved.

Create Accountability: Assign clear ownership to initiatives and track progress, reducing delays caused by miscommunication or shifting priorities.

My Experience at “Life Science Inc”

At my former company, I saw firsthand the chaos that can arise without governance. One engineering manager in particular frequently submitted requests for new functionalities or reports in Maximo. Maximo was still fairly new at the company at this point; they were “all-in” on Maximo, seeing all the potential it had to really streamline a lot of processes and help meet regulatory requirements. So as an IT system analyst whose job was almost 100% to support and enhance Maximo, there is no doubt that I was loving this enthusiasm! But, my team would start working on a request, only for the same manager to sometimes come back a week or two later with a new “urgent” request, expecting us to drop everything and pivot.

After months of juggling shifting priorities and feeling like we weren’t making meaningful progress, my supervisor and I decided to implement a governance structure. The Maximo program manager from engineering who we worked very closely with was in total agreement, as he shared our frustration. So, we scheduled regular meetings, monthly at first, with department heads, process owners, and IT stakeholders. During these sessions, we reviewed all outstanding requests, assigned priorities, and created a shared roadmap.

It was a bit painful at first, but eventually the difference was night and day. Projects were completed faster, the team felt less frustrated, and stakeholders had more confidence that their requests were being handled fairly and efficiently.

Benefits of a Maximo Governance Meeting

Clear Prioritization and Road mapping: With a governance meeting, every request is vetted based on predefined criteria, such as business impact, regulatory requirements, or ROI. Low-priority items can be deferred to later in the roadmap, while high-priority initiatives are added to the roadmap earlier with realistic timelines.

Avoiding Scope Creep: Governance meetings establish a formal process for proposing and approving large changes. This reduces ad hoc requests that can disrupt workflows.

Stakeholder Alignment: When all relevant parties have visibility into Maximo-related activities, it minimizes conflicts over priorities and fosters collaboration.

Efficient Use of Resources: By aligning IT resources with organizational goals, governance ensures teams aren’t stretched thin trying to do everything at once.

Better Communication: These meetings create a central source of truth. Stakeholders know exactly what’s in progress and what’s planned, reducing confusion and the need for constant status updates.

Setting Up a Governance Meeting: Practical Steps

Identify Key Stakeholders Gather representatives from departments that rely heavily on Maximo—operations, maintenance, IT, procurement, and any others. Include decision-makers who can advocate for their teams and approve budgets or timelines. Don’t be afraid to invite director-level people who you think might be “too high to care”. If you can get them to agree to come to the meeting, even if they don’t participate much, their familiarity with your Maximo program can make a difference in the future. Particularly when that decision to move to SAP PM or some other inferior EAM system starts getting bandied about, having “friends in high places” can really make a difference.

Establish Meeting Cadence Determine how often to meet. At “Life Science Inc” we started with monthly meetings until we had the roadmap well-established, and things got under control. Eventually we moved to a quarterly meeting.

Define Evaluation Criteria Create a framework for prioritizing requests. Examples might include:

Business impact: Will this save money, increase efficiency, or ensure regulatory compliance?

Urgency: Is this tied to a critical deadline or operational need?

Feasibility: Can it be implemented with existing resources and infrastructure?

Use a Tracking Tool Keep a record of all requests, decisions, and timelines. Tools like Jira, Trello, or even Maximo itself can help manage this, or you may just choose to use your IT ticketing tool if your IT organization is ok with having changes that are open for a long time. As you saw with my previous blog posts about roadmaps, we initially used a spreadsheet and eventually ended up with a PowerPoint presentation with the roadmap as the first slide. Additional slides were then used for a write-up of the requests and the business justification. The changes didn’t become IT tickets until we were ready to start working on them.

Assign Roles Designate a chairperson to run the meetings, a secretary to document decisions, and leads for specific projects.

Sample Agenda for a Governance Meeting

A typical governance meeting starts with a review of outstanding items. This part of the discussion focuses on previously approved projects or changes, allowing the team to assess whether they are on track or identify reasons for delays. It ensures accountability and keeps ongoing work visible to all stakeholders. From there, the conversation shifts to evaluating new requests. Stakeholders take the time to walk through recently submitted proposals, weighing their merits, debating their potential impact, and ultimately deciding on their priority levels. These discussions can be collaborative and, at times, lively as different perspectives and business needs come to light.

Resource allocation naturally follows. At this point, the group determines how best to distribute available resources—such as budget, IT capacity, and personnel—balancing new priorities with ongoing work. This ensures that realistic decisions align with the organization’s strategic goals. Once priorities are clear, the meeting moves into roadmap updates. The team adjusts the shared roadmap to reflect decisions made during the session, aligning everyone with the evolving direction and priorities.

The meeting typically concludes with an open-floor segment, providing an opportunity for stakeholders to raise concerns, pose questions, or share ideas that may not have surfaced earlier. This final touch fosters collaboration and keeps the conversation inclusive, ensuring no important issues are left unaddressed.

Tips for Success

Be Consistent Once you set up the governance meeting, stick to the schedule. Cancelling too often can undermine its credibility.

Focus on Decision-Making Avoid letting the meeting become a discussion forum with no resolutions. The goal is to make decisions and assign priorities.

Communicate Decisions Widely After each meeting, distribute notes and updates to all relevant parties, even those who couldn’t attend.

Be Flexible While structure is critical, recognize that emergencies happen. Build some buffer into the roadmap for unexpected high-priority items.

Final Thoughts

Implementing a governance meeting may seem like an administrative burden at first, but the benefits far outweigh the costs. At my former company, this simple change improved communication, reduced friction, and ensured that our Maximo system was delivering maximum value to the organization.

From Interloc’s perspective…we’ve seen a lot of companies that would benefit from a Maximo steering committee/governance process. If your Maximo team is feeling overwhelmed by competing demands or struggling to keep stakeholders aligned, a governance meeting could be the solution. It’s a small investment of time that can yield significant returns in efficiency and stakeholder satisfaction. We’d love to help you put a governance meeting together.

Let me know how your governance meeting journey goes—and if you have any tips or anecdotes of your own to share, please share them in the comments below!

Maximo Application Suite Security Bulletins

Darlene Nerden — Wed, 09 Apr 2025 04:40:45 GMT

IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7228721?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file –

https://www.ibm.com/support/pages/node/7229048?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to arbitrary code execution –

https://www.ibm.com/support/pages/node/7229050?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system –

https://www.ibm.com/support/pages/node/7229049?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-47554 detected in commons-io-2.11.0.jar (Publicly disclosed vulnerability found by Mend) which is vulnerable to CVE-2024-47554 –

https://www.ibm.com/support/pages/node/7183770?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component vulnerable to arbitrary code execution –

https://www.ibm.com/support/pages/node/7229242?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters –

https://www.ibm.com/support/pages/node/7229496?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty –

https://www.ibm.com/support/pages/node/7229497?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass –

https://www.ibm.com/support/pages/node/7229500?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging –

https://www.ibm.com/support/pages/node/7229499?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141 –

https://www.ibm.com/support/pages/node/7229743?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl CVE-2024-56201 –

https://www.ibm.com/support/pages/node/7229744?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-24970) –

https://www.ibm.com/support/pages/node/7229750?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2024-47535) –

https://www.ibm.com/support/pages/node/7229751?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763) –

https://www.ibm.com/support/pages/node/7229756?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-25193) –

Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-25193)

Security bulletin: Security Bulletin: There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Asset Management application (CVE-2024-31141) –

https://www.ibm.com/support/pages/node/7229749?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479 –

https://www.ibm.com/support/pages/node/7229757?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763) –

https://www.ibm.com/support/pages/node/7229054?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-47831 –

https://www.ibm.com/support/pages/node/7229758?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334 –

https://www.ibm.com/support/pages/node/7229763?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in org.eclipse.core.runtime-3.14.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-4218) –

https://www.ibm.com/support/pages/node/7229866?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to authenticate a server may fail to notice that the server was not authenticated –

https://www.ibm.com/support/pages/node/7230050?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to vulnerable to a denial of service due to Netty –

https://www.ibm.com/support/pages/node/7230052?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to jinja is an extensible templating engine –

https://www.ibm.com/support/pages/node/7230051?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24970) –

https://www.ibm.com/support/pages/node/7230113?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in CPython used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-7592,CVE-2024-6232,CVE-2024-8775) –

https://www.ibm.com/support/pages/node/7230112?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload (CVE-2025-1500) –

https://www.ibm.com/support/pages/node/7230140?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses "golang.org/x/net/html, crypto/internal/nistec, net/http, crypto/x509" which is vulnerable to "CVE-2024-45338, CVE-2025-22866, CVE-2024-45336, CVE-2024-45341" –

https://www.ibm.com/support/pages/node/7230233?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Operational Dashboards

Derrick Naruse — Mon, 31 Mar 2025 15:54:11 GMT

A next generation of dashboard capability in the Maximo Application Suite (MAS), Manage application exists in Operational Dashboards. The key features of this new capability are the following:

Launch other applications.

See workflow assignments

Monitor KPIs

Complete tasks

The Operational dashboard functions like Start Centers. The Operational dashboards bring in a consistent look and feel into Manage dashboards that exist in other MAS applications such as Health, Monitor and Predict. Operational dashboards can be the landing page when launching Manage. Manage comes available with two Operational dashboards: Maintenance and Emission Management. Below is a screen shot of Maintenance dashboard.

We will go through some of the tiles and cards in the Maintenance Operational Dashboard to highlight the features of Operational Dashboards.

The following KPIs are configured in the Maintenance Operational Dashboard:

Overdue Emergency work

Overdue PM work

PM Performance

Health of Assets for PM work

Each of the tiles calculates the results driven by a query. See the red arrow below to view the details.

By clicking on the View KPI Manager. You can view the query behind the tile and edit the “where” clause to edit parameters as per screen below.

The dashboard features Favorites and Quick Actions cards. These allow a user to launch an application quickly or launch a selected application insert mode, similar functionality to start centers.

The table below identifies a list of Card types that are available for use in your Operational dashboard:

Card Type	Description
KPI Trend	Displays the KPI values over time and allows comparison with up to 8 other KPIs. The date range is a set of values from 7 days to 5 years. If the graph does not render it is probably because you have no KPI Schedule set up which is generating KPIHISTORY records via the Cron Task within the selected time range. In MAS 9.0 the Advanced tab has an Available Actions field which will provide options to see the KPI values in a table or to refresh the KPI.
KPI Comparison	Displays up to 20 KPIs for comparison in bar, line, pie or donut chart. Allows export as CSV, PNG or JPG. You can also open full screen. In MAS 9.0 the Advanced tab has an Available Actions field, which will provide options to see the KPI values in a table or to refresh the KPI.
KPI Value	Displays a single KPI value but also gives the trend since the last refresh of the operational dashboard. In MAS 9.0 the Advanced tab has an Available Actions field which will allow you to link to the KPI Manager or KPI Viewer applications or refresh the KPI.
Value	Displays a single value from a data source, but the set of data sources is restricted, meaning that this card currently has no practical use without configuring your own data sources.
Favorites	Displays a list of favorite applications, classic or one of the role-based applications.
Quick Actions	Displays a list of applications which can be launched in insert mode. For role-based applications it just launches the application.
Table	Display a set of records from a data source, but the set of data sources is restricted, meaning that this card currently has no practical use without configuring your own data sources.
Work Queues	Displays a set of work queues. In MAS 9.0 there is now an Advanced tab which allows for the selection of work queues. There is also an Available Actions field which provides an option to refresh the work queues.
External Content	Displays a web page, so that you can interact with it from within the Operational Dashboard. There is an option to display full page.
Threshold Tile	Displays a single value from a data source, but the set of data sources is restricted, meaning that this card currently has no practical use without configuring your own data sources. This seems to be a duplicate of the Value card.

The Workflow Assignments due soon section allows users to see the assignments that are due in the next 24 hours or are already past due.

The work Queue card shows active work queues. This card shows can show work queues created in the new Work Queue Manager application. Two default work queues are created as per screen below with the capability to create additional work queues to suite any business specific requirements.

Users can select a queue to see additional details about the records. From the screen shot above, clicking the ENV WO link will display the record set below.

The Operational Dashboards can be configured to add tiles and cards to suit an organization’s business needs. Additional configurations can be performed through the Maximo Application Framework (MAF) to handle more advanced and complex requirements.

As a consultant, I have been very used to configuring dashboards with the legacy Maximo Start Center functionality. I have come to rely on the robust features of the Maximo Start Center. The Operational Dashboard application promises to be a strong configuration tool to tie all the MAS application dashboards modern look and feel. A lot of the features that I used with the Start Center application are available in the Operational Dashboard. In time, this new dashboard feature in Manage will be as robust as we saw in Start Centers.

Person/User Synchronization from a Financial System to Manage

Daniel Gagnon — Fri, 28 Mar 2025 18:53:38 GMT

Introduction

Throughout my career, I have developed multiple integrations between financial systems and Maximo, that involve financial and purchasing objects that include Purchase Requisitions, Purchase Orders, Receipts, GL Transactions, Person, and more.

With the introduction of Maximo Application Suite (MAS), user management is no longer handled in Manage and is now maintained within MAS. This shift presents new challenges and opportunities for integrating users seamlessly.

User Integration Approaches

Once a person record is created in Manage, several approaches can be used to integrate users. The following options are available:

1. Manual User Creation – Create the user manually in MAS, setting the user ID as personid.

2. Integration via Financial System – Utilize MAS APIs, as outlined in IBM’s Maximo Application Suite Admin APIs 8.11.x - IBM API Hub - IBM Developer documentation.

3. Automation Script & MASUSERSYNC – Implement an automation script to create the user record in Manage and trigger MASUSERSYNC.

4. Internal API Integration – Use the internal API (../v2/bulk/users/upsert) to create or update users in MAS directly from Manage.

Evaluation of Integration Approaches

I have configured and tested all four solutions, with the following findings:

Option 1 (Manual Entry): Not suitable for some business requirements due to the need for manual data entry.

Option 2 (Financial System Integration): Requires modifications to the financial system, which organization may not be willing to implement. The integration follows a two-step process:

Obtaining a temporary access token using an API key via a REST API request.

2. Using the token to send the payload.

Option 3 (MASUSERSYNC Automation): Presented challenges:

MASUSERSYNC attempts to synchronize all users each time it runs.

2. After execution, MASUSERSYNC disables itself.

3. The cron task instance does not allow specifying the access type or application entitlement, requiring additional manual data entry in MAS.

Given these limitations, this document focuses on Option 4: Using the Internal API for seamless user synchronization.

Implementing the Internal API Solution

Process Overview

The financial system sends person records to Manage, which uses the provided data to create the Person and Labor records. However, not every person requires a Manage user account.

To address this, I introduced a new action menu in the People application called “Create or Update MAS User.” This action allows users to create the MAS user only when needed.

📸 Screenshot: “Create or Update MAS User” new action menu

When selected, a dialog box prompts for the access type and entitlement, which are required for MAS to create the user. These values are crucial, as they determine the number of AppPoints allocated to the user.

📸 Screenshot: Create or Update MAS User dialog box

To simplify data entry, I created domains for these fields:

Access Type: Concurrent, Authorized
📸 Screenshot: Access Type values

Entitlement: NONE, SELF_SERVICE, LIMITED, BASE, PREMIUM
📸 Screenshot: Entitlement values

Automation Script & JSON Payload

When the OK button is clicked, an automation script runs to collect data from the Person record and the dialog box, creating a JSON message for the API request.

Since this client uses SAML authentication, no password is required. Below is the JSON structure and its mappings:

JSON Payload Mapping

(A more detailed JSON mapping table is included in the full implementation. An appendix is included at the end of this blog for more detail on JSON mapping.)

To construct the JSON object, I used the JSONObject and JSONArray classes from com.ibm.json.java, along with other essential libraries:

com.ibm.json.java.JSONObject

com.ibm.json.java.JSONArray

psdi.mbo.Translate

psdi.app.lictrack.MaxLicenseUtils

psdi.iface.mos.ConversionUtil

Calling the MAS Internal API

Once the json object is created, the script invokes the MAS Internal API. The internal API url is

internalapi.<mas-instance-id>.svc/v2/bulk/users/upsert

📌 API Request Configuration:

Final Outcome

Once MAS receives the JSON payload, it automatically creates or updates the MAS user and syncs it with Manage.

✅ No need to manually update users in MAS Administration Suite
✅ User accounts are synchronized seamlessly
✅ Only required users are created in MAS

📌 The final step is to assign the appropriate Manage user groups.

🎉 And that’s it! The user is successfully created in both MAS and Manage!

Conclusion

By leveraging the Internal API, we streamlined user synchronization without requiring financial system modifications or manual intervention. This approach ensures efficient user management while aligning with MAS best practices.

If you're considering similar integrations, I highly recommend this method for its flexibility and automation capabilities.

💡 Have questions or feedback? Feel free to reach out!

Maximo Application Suite Security Bulletins 3/17/25

Darlene Nerden — Tue, 18 Mar 2025 02:51:50 GMT

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-0.1.10.tgz CVE-2024-52798 –

https://www.ibm.com/support/pages/node/7185208?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tornado-6.3.3-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2024-52804 –

https://www.ibm.com/support/pages/node/7185209?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171 –

https://www.ibm.com/support/pages/node/7185518?myns=swgother&mynp=OCSS7PRM&mync=E&cm_sp=swgother-_-OCSS7PRM-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45230 –

https://www.ibm.com/support/pages/node/7186403?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535 –

https://www.ibm.com/support/pages/node/7186405?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux_2_28_x86_64.whl CVE-2024-28219 –

https://www.ibm.com/support/pages/node/7186406?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094 –

https://www.ibm.com/support/pages/node/7186404?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Enabling MAS Start Centers

Suraj Singh — Mon, 10 Mar 2025 16:10:38 GMT

Hey Folks, I have a very quick one for you all.

Recently I was very stunned after upgrading our MAS environment when I noticed my Start Centers were acting differently.

While maintaining the ability to edit the single Administrator Start Center, AND the ability to attach that Start Center to groups, by default, I could not add any new templates despite being in an Admin role and all access to start centers were granted. My only option was to edit and configure the existing start center only, whereby the “Create new template” was missing.

I then found myself diving down a rabbit hole, trying to determine whether IBM had quietly deprecated Start Centers in favor of Dashboards. Having been in the IBM Maximo industry for a long time, such a move wouldn’t be surprising. However, retiring a key feature like Start Centers, dating back at least to Maximo 6, would be a bold decision. I paused for a moment of introspection and recalled IBM’s mantra that was thoroughly instilled in me: “If you're not riding the wave of change, you'll find yourself beneath it.” Was this yet another wave I needed to ride?

Thankfully, I am pleased to save everyone from a similar trauma; The answer is no. Start Center creation is still present, and all that was missing, was a sneaky little permission.

To enable creation for the Start Center Templates, go to your security group and select the appropriate group. On the applications, search for “Layout and Configuration”. Grant access on this application for “Read/Modify”, while also providing access to “Can Create Template”.

If you have any questions, or thoughts on how we can save you from other Maximo Trauma, please feel free to reach out to Interloc!

Upgrade Readiness for IBM Maximo Application Suite (MAS): What You Need to Know

Scott Peluso — Tue, 04 Mar 2025 20:51:36 GMT

Upgrading your asset management platform is no small task, but for organizations running IBM Maximo 7.6.x, the transition to the Maximo Application Suite (MAS) is more than just an upgrade—it's an opportunity to modernize, innovate, and expand your operational capabilities. With support for legacy versions ending later this year and only limited expertise available for these upgrades, acting now is critical.

This guide outlines essential considerations and actionable steps to ensure your MAS upgrade process is smooth, strategic, and successful.

Why Upgrade to the Maximo Application Suite?

The IBM Maximo Application Suite (MAS) represents a significant leap forward in enterprise asset management technology. Here's why upgrading from Maximo 7.6.x to MAS is worth your time and investment:

Enhanced Functionality: MAS integrates powerful applications like Manage, Monitor, Health, and Predict into a unified platform for a more holistic approach to asset management.

Modern Infrastructure: Built on Red Hat OpenShift, MAS facilitates containerized deployments, offering greater scalability and flexibility.

Futureproofing: With the end of standard support for Maximo 7.6.x looming, MAS ensures ongoing access to updates, technical support, and cutting-edge features.

Improved Efficiency: Advanced AI, automation, and analytics capabilities enable smarter decision-making and more efficient workflows.

Seamless Licensing: The new AppPoint-based model adapts to organizational needs and usage, helping enterprises control licensing costs.

Key Deadlines to Keep in Mind

If you're still using Maximo 7.6.x, time is running short:

Standard Support Ends: September 30, 2025

Extended Support Year 1 Ends: September 30, 2026

Sustained Support Ends: September 30, 2030

Acting now not only avoids expensive extended support costs but also ensures you meet critical deadlines without compromising operational continuity.

The MAS Upgrade Checklist

1. Assess Your Upgrade Path

Before planning your upgrade, identify your current Maximo version:

- Direct upgrades to MAS can only be performed from Maximo 7.6.1.x. If you're on an earlier version, an interim upgrade is required.

- If you're using a FedRAMP-authorized version of Maximo, additional considerations may apply.

Action:

- Audit your existing Maximo environment to confirm upgrade readiness.

2. Choose the Right MAS Applications

MAS offers multiple applications like Manage, Health, Monitor, and Predict, as well as Maximo for IT and other specialized functions. Choose the ones that align with your business goals.

Action:

- Define your operational needs and pick the appropriate MAS applications.

3. Select Licensing Options

MAS uses an AppPoint-based licensing model. You’ll need to estimate your AppPoint requirements based on your existing user permissions and access levels.

Action:

- Use IBM's AppPoint calculator to estimate your needs and consult your IBM license provider for a tailored quote.

4. Prepare Your Deployment Environment

Decide whether MAS will be deployed on-premise or in the cloud. Both options have different implications for resource management and costs.

Key considerations:

On-Premise:

- Ensure adequate hardware sizing for increased MAS resource demands.
- Confirm availability of Red Hat OpenShift expertise within your team.

Cloud:

- Assess potential providers (AWS, IBM, Azure) and evaluate their disaster recovery, security, and backup offerings.

Action:

- Review your organization's infrastructure capabilities and determine the best deployment model.

5. Address Customizations and Integrations

Existing Maximo customizations and integrations may require updates or replacements. For example, MAS replaces JMS queues with Kafka for web-based interactions, which might necessitate modifications in integration authentication.

Action:

- Perform a detailed review of customizations and integrations to ensure compatibility with MAS.

6. Upgrade Tooling and Reporting

MAS provides several tools to simplify the upgrade process, such as the AppPoint calculator, the Integrity Checker, and customization utilities.

If you're using complex BIRT reports in your legacy Maximo system, start your MAS upgrade from version 7.6.1.3 to preserve reporting functionality.

Action:

- Leverage IBM's upgrade tools to ease the transition and refine your reporting strategy.

7. Data Review and Fresh Installs

Instead of directly upgrading, some organizations may benefit more from a fresh install of MAS. This approach ensures optimized data quality and reduces any legacy baggage carried into the new system.

Action:

- Evaluate the pros and cons of a fresh install for your organization.
- Review your existing data and archive/sanitize where appropriate.

8. Prepare for Training, Testing, and Post-Go-Live Support

To ensure a smooth transition, involve all relevant stakeholders, create a sandbox for testing, and establish a robust user training and post-go-live support plan.

Action:

- Define a clear upgrade project plan, including testing, user acceptance, and training requirements.

The Benefits of Acting Now

By planning your upgrade early, you gain several key advantages:

Stay Ahead of the Deadline: Avoid the last-minute rush as extended support deadlines approach.

Optimize Costs: Reduce the cost of prolonged extended support and take advantage of MAS’s scalable licensing.

Minimize Downtime: A well-planned upgrade minimizes operational disruptions and ensures continued productivity.

Leverage Expertise: Take advantage of IBM Business Partners and consulting experts to streamline the upgrade process.

Get Started with Your MAS Upgrade Today

A successful transition to MAS starts with a thorough readiness assessment and a well-defined upgrade plan. Whether you're leveraging in-house resources or working with an IBM Business Partner, make sure you build the foundation for success early.

Need help navigating the complexities of your MAS upgrade? Take your first step on your MAS journey and contact Interloc Solutions today for expert guidance and support from a trusted IBM Platinum Business Partner!

MAS deployment series: Installing the MAS AI broker for Work Order intelligence

Julio Perera — Wed, 19 Feb 2025 22:45:03 GMT

While the IBM Ansible scripting covers the installation of the AI broker, at the time of writing, there are several dependencies and caveats that are not installed by default and the documentation is insufficient to completely do a successful installation.

Additionally, the script was developed with the “Open Data Hub” Operator version v2.11.1 in mind. However, time has passed, and the actual version being installed at the time of writing is v2.23.0 which causes issues with the script execution. Even if we could work around these issues, installing version v2.23.0 causes incompatibility with some of the installed CRDs that make the installation fail later. The root of the issue appears to be around the inability of one of the IBM Ansible python functions to create Operator Subscriptions supporting the “spec.startingCSV” tag which allows to install a specific version instead of the latest.

Also, there are important caveats around the plans to use on the WatsonX AI service as we found out when trying to train the model and after consulting with IBM support. Basically, if we use the “Lite” plan as stated on https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=setup-create-watsonx-api-key then the model will refuse to train as a rate limit will be hit and cause errors. IBM support confirmed that the “Essentials” plan can be used and won’t have the issues that the “Lite” plan has.

First, we created a Project, Service ID, Deployment Space with a Plan (“Essentials” recommended, which is a paid plan), and setup the API Key as stated in the IBM link that appears in the previous paragraph. We are not documenting these steps in greater detail here as they worked without much tinkering although the navigation around the WatsonX.ai site was confusing at times. The output of this task should be the following settings that we store as Environment variables to be used by the IBM scripting:

export MAS_AIBROKER_WATSONXAI_APIKEY="<value-omitted>" ## The WatsonX API key
export MAS_AIBROKER_WATSONXAI_URL="https://us-south.ml.cloud.ibm.com" ## The WatsonX API URL
export MAS_AIBROKER_WATSONXAI_PROJECT_ID="5aba7552-9c38-43c0-9e86- 9ea730f0c323" ## The WatsonX Project ID

Notice that we chose to deploy our testing WatsonX instance in Dallas and the Endpoint URL reflects that choice.

First, there are several dependencies that are required to be installed which are not covered in the IBM Ansible scripts, basically these are:

A) A relational database (we are using a new MariaDB instance; but potentially another pre-existing instance could be used)
B) An S3 (Object Storage) set of buckets (we are using a new Minio instance; but potentially another pre-existing S3 service could be used).

The above is meant to populate several Environment Variables used by the Ansible Galaxy collection (more on it later).

Regarding the MariaDB and Minio instances, we intended to use specific instances of each for each MAS Core, so data and files don’t get mixed between instances. Therefore, we used project names containing our intended (testing) MAS Core Instance ID, in our case “p01-main”. Separate projects and installs could be used for different MAS Core Instances and the Project Names should follow suit, in our case:

The MariaDB project/namespace was named “mas-p01-main-aibroker-mariadb”.

The Minio project/namespace was named “mas-p01-main-aibroker-minio”.

The actual AI broker project generated for the mentioned MAS Core Instance ID is going to be “mas-p01-main-aibroker” so project naming should be all related.

Therefore, to accomplish that, we submitted the following YAMLs to the Cluster:

For the MariaDB instance:

---
apiVersion: v1
kind: Namespace
metadata:
name: mas-p01-main-aibroker-mariadb
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pvc
namespace: mas-p01-main-aibroker-mariadb
labels:
app: mariadb-instance
component: data-science-pipelines
spec:
accessModes:
- ReadWriteOnce
storageClassName: ocs-storagecluster-cephfs
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ds-pipelines-mariadb-sa-instance
namespace: mas-p01-main-aibroker-mariadb
labels:
app: mariadb-instance
component: data-science-pipelines
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: mariadb-instance
namespace: mas-p01-main-aibroker-mariadb
spec:
podSelector:
matchLabels:
app: mariadb-instance
component: data-science-pipelines
ingress:
- ports:
- protocol: TCP
port: 3306
from:
- podSelector:
matchLabels:
app.kubernetes.io/name: data-science-pipelines-operator
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: opendatahub
- podSelector:
matchLabels:
app: ds-pipeline-instance
component: data-science-pipelines
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: mas-p01-main-aibroker
- podSelector:
matchLabels:
app: ds-pipeline-metadata-grpc-instance
component: data-science-pipelines
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: mas-p01-main-aibroker
policyTypes:
- Ingress
---
kind: Secret
apiVersion: v1
metadata:
name: mariadb-instance
namespace: mas-p01-main-aibroker-mariadb
stringData:
password: <mariadb-password>
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb-instance
namespace: mas-p01-main-aibroker-mariadb
labels:
app: mariadb-instance
component: data-science-pipelines
dspa: instance
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: mariadb-instance
component: data-science-pipelines
dspa: instance
template:
metadata:
labels:
app: mariadb-instance
component: data-science-pipelines
dspa: instance
spec:
serviceAccountName: ds-pipelines-mariadb-sa-instance
containers:
- name: mariadb
image: registry.redhat.io/rhel8/mariadb-103:1-188
ports:
- containerPort: 3306
readinessProbe:
exec:
command:
- /bin/sh
- "-i"
- "-c"
- >-
MYSQL_PWD=$MYSQL_PASSWORD mysql -h 127.0.0.1 -u $MYSQL_USER -D
$MYSQL_DATABASE -e 'SELECT 1'
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 3306
timeoutSeconds: 1
env:
- name: MYSQL_USER
value: "mariadb"
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: "mariadb-instance"
- name: MYSQL_DATABASE
value: "kmpipeline"
- name: MYSQL_ALLOW_EMPTY_PASSWORD
value: "true"
resources:
requests:
cpu: 300m
memory: 800Mi
limits:
cpu: "1"
memory: 1Gi
volumeMounts:
- name: mariadb-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mariadb-persistent-storage
persistentVolumeClaim:
claimName: mariadb-pvc
---
apiVersion: v1
kind: Service
metadata:
name: mariadb-instance
namespace: mas-p01-main-aibroker-mariadb
labels:
app: mariadb-instance
component: data-science-pipelines
spec:
ports:
- name: http
port: 3306
protocol: TCP
targetPort: 3306
selector:
app: mariadb-instance
component: data-science-pipelines

Notice that we have put some values above in bold, to signify that these will match and must follow the configuration for the target environment as mentioned. Also, the MariaDB password will have to be filled up with a value as well.

The Storage Class could be any Storage Class that offers ReadWriteOnce capabilities. ReadWriteMany could be used as well although it is not needed. Size may need to be adjusted as well.

As a result, we ended up with the following set of related environment variables that will make the input to the IBM Ansible script:

export MAS_AIBROKER_DB_HOST="mariadb-instance.mas-p01-main-aibroker- mariadb.svc.cluster.local" # Take it from the Service on the project

export MAS_AIBROKER_DB_PORT="3306" # Take it from the Service on the
project

export MAS_AIBROKER_DB_USER="mariadb" # Take it from the environment
variables on the Deployment

export MAS_AIBROKER_DB_DATABASE="kmpipeline" # Take it from the environment variables on the Deployment

export MAS_AIBROKER_DB_SECRET_NAME="mariadb-instance" # Take it from the environment variables on the Deployment

export MAS_AIBROKER_DB_SECRET_VALUE="<mariadb-password>" # Take it from the Secret as specified above

For the Minio instance:

---
apiVersion: v1
kind: Namespace
metadata:
name: mas-p01-main-aibroker-minio
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pvc
namespace: mas-p01-main-aibroker-minio
spec:
accessModes:
    - ReadWriteOnce
volumeMode: Filesystem
storageClassName: ocs-storagecluster-cephfs
resources:
    requests:
      storage: 40Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: mas-p01-main-aibroker-minio
spec:
selector:
    matchLabels:
      app: minio
template:
    metadata:
      labels:
        app: minio
    spec:
      volumes:
        - name: storage
          persistentVolumeClaim:
            claimName: minio-pvc
      containers:
        - name: minio
          image: quay.io/minio/minio:latest
          command:
            - /bin/bash
            - -c
          args:
            - minio server /data --console-address :9090
          env:
            - name: MINIO_ROOT_USER
              value: minio
            - name: MINIO_ROOT_PASSWORD
              value: <minio-password>
          volumeMounts:
            - mountPath: /data
              name: storage
---
apiVersion: v1
kind: Service
metadata:
name: minio-service
namespace: mas-p01-main-aibroker-minio
spec:
type: ClusterIP
ports:
    - name: api
      port: 9000
      targetPort: 9000
      protocol: TCP
    - name: console
      port: 9090
      targetPort: 9090
      protocol: TCP
selector:
    app: minio
---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: minio-route
namespace: mas-p01-main-aibroker-minio
spec:
to:
    kind: Service
    name: minio-service
    weight: 100
port:
    targetPort: 9090
tls:
    termination: edge
    insecureEdgeTerminationPolicy: None

Notice that we have put some values above in bold, to signify that these will match and must follow the configuration for the target environment as mentioned. Also, the Minio password will have to be filled up with a value as well.

The Storage Class could be any Storage Class that offers ReadWriteOnce capabilities. ReadWriteMany could be used as well although it is not needed. Size may need to be adjusted as well.

As a result, we ended up with the following set of related environment variables that will make the input to the IBM Ansible script:

export MAS_AIBROKER_STORAGE_ACCESSKEY="minio" # Take it from the environment variables on the Deployment
export MAS_AIBROKER_STORAGE_SECRETKEY="<minio-password>" # Take it from the environment variables on the Deployment
export MAS_AIBROKER_STORAGE_HOST="minio-service.mas-p01-main-aibroker- minio.svc.cluster.local" # Take it from the Service
export MAS_AIBROKER_STORAGE_PORT="9000" # Take it from the Service (the "api" port)
export MAS_AIBROKER_STORAGE_REGION="" # Leave blank
export MAS_AIBROKER_STORAGE_PROVIDER="minio"
export MAS_AIBROKER_STORAGE_SSL=false
export MAS_AIBROKER_STORAGE_PIPELINES_BUCKET="km-pipelines"
export MAS_AIBROKER_STORAGE_TENANTS_BUCKET="km-templates"
export MAS_AIBROKER_STORAGE_TEMPLATES_BUCKET="km-tenants"

Notice that Bucket names are recommended.

Once submitted the Route, go to it and note the URL, in our case:

https://minio-route-mas-p01-main-aibroker-minio.apps.demo05.mas.interloc.cloud/

Then we should be able to login using the credentials in the Deployment above, in our case:

Username: minio
Password: <minio-password>

Next, we went to Administrator -> Buckets and created the following buckets (using default options):

km-pipelines
km-templates
km-tenants

Ater going to the object browser, these buckets will appear with zero size. We are not sure if the Buckets will be created automatically if they don’t exist therefore, we resorted to create them manually.

Next, we already had an instance of the MAS Ansible Galaxy collection installed (or a container could be used to deploy the latest image) and we had to update it and install a dependency that was not specified initially, in our case:

ansible-galaxy collection install --upgrade ibm.mas_devops
python3 -m pip install boto3

To execute the Ansible collection we need also to finish setting up some additional environment variables, in our case:

export MAS_ENTITLEMENT_KEY="<ibm-entitlement-key>" # The IBM Entitlement
key to access the IBM Container Registry, from https://myibm.ibm.com/products-services/containerlibrary
export MAS_INSTANCE_ID="p01-main" # Declare the instance ID for the AI Broker install

But before executing the Ansible collection, we needed to make some changes to it in order for it to work as intended.

To work around the error “"namespaces "openshift-serverless" not found.” We submitted the following YAMLs first:

---
apiVersion: v1
kind: Namespace
metadata:
name: openshift-serverless
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: openshift-serverless-og
namespace: openshift-serverless
spec:
upgradeStrategy: Default

Then to avoid the errors around the Open Data Hub Operator mentioned above; we manually submitted the following Subscription:

apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
name: opendatahub-operator
namespace: openshift-operators
spec:
channel: fast
installPlanApproval: Manual
name: opendatahub-operator
source: community-operators
sourceNamespace: openshift-marketplace
startingCSV: opendatahub-operator.v2.11.1

Optionally approve the Install Plan for the Operator (as it is Manual otherwise it automatically upgrades to the latest version which will cause issues as mentioned above).

Next, we proceeded to comment out the section that installs the Operator on the related IBM Ansible script, located in our case at:

~/.ansible/collections/ansible_collections/ibm/mas_devops/roles/odh/tasks/odh-operator.yml

The change looked like the below:

# Install Operator & create entitlement openshift-odh
# -----------------------------------------------------------------------------
#- name: "Install Openshift odh Operator"
# ibm.mas_devops.apply_subscription:
#    namespace: ""
#    package_name: "opendatahub-operator"
#    package_channel: ""
#    catalog_source: ""
# register: subscription

Next, we executed the actual Ansible Playbook from the collection, by using:

ansible-playbook ibm.mas_devops.oneclick_add_aibroker

We should also check that all Pods on the “aibroker” (in our case “mas-p01-main-aibroker”) project/namespace are Ready and execute without errors:

To configure Manage next, we need to retrieve some additional information, first, let’s get the AI Broker API Key from the secret named “aibroker-user----apikey-secret” on the AI Broker project/namespace. That value should be used into the “mxe.int.aibrokerapikey” Manage System Property.

Also, we should grab the value of the AI Broker Route, in the same project/namespace, our Route has the URL “https://aibroker.p01.demo05.mas.interloc.cloud/” and we used it to configure the “mxe.int.aibrokerapiurl” Manage System Property by adding “/ibm/aibroker/service/rest/api/v1/” to it, so it became “https://aibroker.p01.demo05.mas.interloc.cloud/ibm/aibroker/service/rest/api/v1/”.

Finally, we configured the “mxe.int.aibrokertenantid” Manage System Property. The value we used was “aibroker-user” which appears to be a hardcoded value that can be retrieved from the internal URL: https://km-controller.mas-p01-main-aibroker:8443/api/v1/tenants, values in our case we used (on the Terminal of the “*-aibroker-api-*” Pod):

wget https://km-controller.mas-p01-main-aibroker:8443/api/v1/tenants --no-check- certificate

And the response came back as “[aibroker-user]”.

Next, we went to the "Cron Task Setup" application and ensure the Crontask Instances for “AIINFJOB” and “AITRAINJOB” are enabled and set to run periodically. Wait for the “AIINFJOB” to run at least once.

Finally, we went to the "AI configuration" application and there should be only one row named "WOPROBLEMCODE". We selected it and from Actions choose "Activate" then "Train Model". Waited while the model is trained as it may take some time.

A row should appear on the Model Training log table stating that the model training was completed. Then going back into the list of AI Configuration Models, check for the "Check Model Status" option that appears when you hover over the Active column value and the Model ID should be populated as well as the Ready value should be "True".

References:

We mostly followed a great tutorial by Sai Manjunath that can be found at https://developer.ibm.com/tutorials/awb-ai-driven-work-order-intelligence-maximo/

Also, the related IBM documentation can be found under https://www.ibm.com/docs/en/masv-and-l/maximo-manage/continuous-delivery?topic=watsonx-maximo-manage-ai-overview