Maximo Application Suite Security Bulletins
IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Software: Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045) –
Software: Security Bulletin: next-auth-4.24.3.tgz is vulnerable to CVE-2023-48309 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl is vulnerable to CVE-2024-22195 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: Django-3.2.24-py3-none-any.whl is vulnerable to CVE-2024-27351 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: cryptography-42.0.0-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-42.0.3-cp37-abi3-manylinux_2_28_x86_64.whl is vulnerable to CVE-2024-26130 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component –
About Darlene Nerden
Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.