IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: IBM Asset Data Dictionary uses jline-3.9.0.jar and zookeeper-3.9.2.jar which is vulnerable to CVE-2023-50572 and CVE-2024-51504 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to body-parser-1.20.2.tgz CVE-2024-45590 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-security-web-6.3.1.jar CVE-2024-38821 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to express-4.19.2.tgz CVE-2024-43796 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to send-0.18.0.tgz CVE-2024-43799 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-1.8.0.tgz, path-to-regexp-0.1.7.tgz CVE-2024-45296 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-42.0.4-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-6119 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2023-33976 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569 –