
By: Darlene Nerden on February 18th, 2025


2/18/25 - Maximo Application Suite Security Bulletins

IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerabilities.

 

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538

 

Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7182512?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.ja which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7182677?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296 –

https://www.ibm.com/support/pages/node/7182678?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.7-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-6119

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.5.0.tgz CVE-2024-47764

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Application Server Liberty CVE-2024-7254

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Werkzeug-2.3.4-py3-none-any.whl CVE-2023-46136

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.4.0.tgz CVE-2024-47764 –

ibm.com/support/pages/node/7182915?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to nanoid-3.3.7.tgz CVE-2024-55565

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45231

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538 –

https://www.ibm.com/support/pages/node/7182920?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766 –

https://www.ibm.com/support/pages/node/7182924?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to bootstrap-4.6.2 CVE-2024-6531 –

https://www.ibm.com/support/pages/node/7183227?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to virtualenv-20.17.1-py3-none-any.whl CVE-2024-53899 –

https://www.ibm.com/support/pages/node/7183228?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl (CVE-2024-56326, CVE-2024-56201) –

https://www.ibm.com/support/pages/node/7183333?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategies.