Interloc Solutions Blog

2/18/25 - Maximo Application Suite Security Bulletins

Written by Darlene Nerden | Feb 19, 2025 3:43:37 AM

IBM has released Maximo Application Suite security bulletins this week. The links to the bulletins are below. Each bulletin contains information regarding when, where, and/or how to address the vulnerability.

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538

Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which is vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7182512?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.ja which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7182677?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296 –

https://www.ibm.com/support/pages/node/7182678?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.7-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-6119

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.5.0.tgz CVE-2024-47764

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to WebSphere Application Server Liberty CVE-2024-7254

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Werkzeug-2.3.4-py3-none-any.whl CVE-2023-46136

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cookie-0.4.0.tgz CVE-2024-47764 –

https://www.ibm.com/support/pages/node/7182915?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to nanoid-3.3.7.tgz CVE-2024-55565

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45231

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538 –

https://www.ibm.com/support/pages/node/7182920?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to werkzeug-3.0.4-py3-none-any.whl CVE-2024-49766 –

https://www.ibm.com/support/pages/node/7182924?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to bootstrap-4.6.2 CVE-2024-6531 –

https://www.ibm.com/support/pages/node/7183227?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to virtualenv-20.17.1-py3-none-any.whl CVE-2024-53899 –

https://www.ibm.com/support/pages/node/7183228?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl (CVE-2024-56326, CVE-2024-56201) –

https://www.ibm.com/support/pages/node/7183333?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E