<div style="display:inline;"> <img height="1" width="1" style="border-style:none;" alt="" src="//googleads.g.doubleclick.net/pagead/viewthroughconversion/1066880148/?value=0&amp;label=4oTQCMyJzwQQlJnd_AM&amp;guid=ON&amp;script=0">
Request More Info

«  View All Posts

Blog Feature
Darlene Nerden

By: Darlene Nerden on December 30th, 2024

Print/Save as PDF

Maximo Application Suite Security Bulletins

IBM has released Maximo Application Suite Security Bulletins this week.  The links to the bulletins are below.  The bulletins contain information regarding when, where, and/or how to address the vulnerability. 

 

Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504 –  

https://www.ibm.com/support/pages/node/7179336?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254 –  

https://www.ibm.com/support/pages/node/7179343?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590 –  

https://www.ibm.com/support/pages/node/7180001?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821 –  

https://www.ibm.com/support/pages/node/7180000?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043 –  

https://www.ibm.com/support/pages/node/7180002?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796 –  

https://www.ibm.com/support/pages/node/7180004?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799 –  

https://www.ibm.com/support/pages/node/7180005?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296 –  

https://www.ibm.com/support/pages/node/7180003?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800 –  

https://www.ibm.com/support/pages/node/7180006?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.4-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-6119 –  

https://www.ibm.com/support/pages/node/7180007?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2023-33976 –  

https://www.ibm.com/support/pages/node/7180009?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660 –  

https://www.ibm.com/support/pages/node/7180008?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891 –  

https://www.ibm.com/support/pages/node/7180010?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569 –  

https://www.ibm.com/support/pages/node/7180011?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

About Darlene Nerden

Darlene Nerden is a Maximo Operations and Support Engineer. She has worked with Maximo for over 30 years primarily on the infrastructure and systems side including installs, upgrades, performance tuning, etc. She has worked on a number of teams in the product lifecycle including QA, support, services, operations, etc. Darlene has been a key part of successful implementations and upgrades. She has also been an integral part in end-user acceptance of Maximo with key performance tuning and maintenance strategizes.