Interloc Solutions Blog

Maximo Application Suite Security Bulletins

Written by Darlene Nerden | Oct 29, 2024 4:09:09 PM

IBM has released Maximo Application Suite Security Bulletins this week.  The links to the bulletins are below.  The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Asset Data Dictionary Component uses grpc-protobuf-1.50.2.jar and jettison-1.5.2.jar which is vulnerable to CVE-2023-32731 and CVE-2023-1436 –  

https://www.ibm.com/support/pages/node/7173594?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite -IoT Component uses cxf-rt-transports-http-4.0.4.jar which is vulnerable to CVE-2024-41172 –  

https://www.ibm.com/support/pages/node/7173595?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Maximo Application Suite - braces-3.0.2.tgz package is vulnerable to CVE-2024-4068 used in IBM Maximo Application Suite - Monitor Component –  

https://www.ibm.com/support/pages/node/7173986?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314 –  

https://www.ibm.com/support/pages/node/7173988?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite: certifi-2023.7.22-py3-none-any.whl is vulnerable to CVE-2024-39689 used in IBM Maximo Application Suite - Edge Data Collector –  

https://www.ibm.com/support/pages/node/7174099?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338 –  

https://www.ibm.com/support/pages/node/7174098?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector –  

https://www.ibm.com/support/pages/node/7174103?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-50314 used in IBM Maximo Application Suite - Monitor Component –  

https://www.ibm.com/support/pages/node/7174102?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite: djangorestframework-3.15.1-py3-none-any.whl is vulnerable to CVE-2024-21520 used in IBM Maximo Application Suite - Edge Data Collector –  

https://www.ibm.com/support/pages/node/7174101?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818 –  

https://www.ibm.com/support/pages/node/7174110?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector –  

https://www.ibm.com/support/pages/node/7174244?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067 –  

https://www.ibm.com/support/pages/node/7174243?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector –  

https://www.ibm.com/support/pages/node/7174244?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Maximo Asset Management Security Bulletins 

IBM has released Maximo Asset Management Security Bulletins this week.  The links to the bulletins are below.  The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45085) –  

https://www.ibm.com/support/pages/node/7174115?myns=swgother&mynp=OCSSLKT6&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSWT9A&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSG2D3&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSS5RRF&mynp=OCSSLL8M&mync=E&cm_sp=swgother-_-OCSSLKT6-OCSSLL84-OCSSLLAM-OCSSWT9A-OCSSLL9Z-OCSSLKSJ-OCSSG2D3-OCSSLL9G-OCSSKVFR-OCSS5RRF-OCSSLL8M-_-E

Security bulletin: Security Bulletin: Maximo Asset Management- A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45072) –  

https://www.ibm.com/support/pages/node/7174114?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLKT6&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSKVFR-OCSSG2D3-OCSSLKT6-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKSJ-_-E 
View full post