IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041 –
Security bulletin: Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642 –
Security bulletin: Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642 –
Security bulletin: Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135 –
Security bulletin: Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710 –