Interloc Solutions Blog

Maximo Application Suite Security Bulletins

Written by Darlene Nerden | Apr 9, 2025 4:40:45 AM

IBM has released Maximo Application Suite security bulletins this week. The links to the bulletins are below. Each bulletin contains information regarding when, where, and/or how to address the vulnerability it covers.

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVEs –  

https://www.ibm.com/support/pages/node/7228721?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file –  

https://www.ibm.com/support/pages/node/7229048?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to arbitrary code execution –  

https://www.ibm.com/support/pages/node/7229050?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E  

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system –  

https://www.ibm.com/support/pages/node/7229049?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-47554 detected in commons-io-2.11.0.jar (Publicly disclosed vulnerability found by Mend) which is vulnerable to CVE-2024-47554 –  

https://www.ibm.com/support/pages/node/7183770?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Predict Component vulnerable to arbitrary code execution –  

https://www.ibm.com/support/pages/node/7229242?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters –  

https://www.ibm.com/support/pages/node/7229496?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty – 

https://www.ibm.com/support/pages/node/7229497?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass –  

https://www.ibm.com/support/pages/node/7229500?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging –  

https://www.ibm.com/support/pages/node/7229499?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141 –  

https://www.ibm.com/support/pages/node/7229743?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl CVE-2024-56201 –  

https://www.ibm.com/support/pages/node/7229744?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-24970) –  

https://www.ibm.com/support/pages/node/7229750?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2024-47535) –  

https://www.ibm.com/support/pages/node/7229751?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763) –  

https://www.ibm.com/support/pages/node/7229756?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-25193) – 


 

Security bulletin: Security Bulletin: There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Asset Management application (CVE-2024-31141) – 

https://www.ibm.com/support/pages/node/7229749?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479 –  

https://www.ibm.com/support/pages/node/7229757?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763) –  

https://www.ibm.com/support/pages/node/7229054?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-47831 – 

https://www.ibm.com/support/pages/node/7229758?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334 – 

https://www.ibm.com/support/pages/node/7229763?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in org.eclipse.core.runtime-3.14.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-4218) –  

https://www.ibm.com/support/pages/node/7229866?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to authenticate a server may fail to notice that the server was not authenticated –  

https://www.ibm.com/support/pages/node/7230050?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to vulnerable to a denial of service due to Netty –  

https://www.ibm.com/support/pages/node/7230052?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to jinja is an extensible templating engine –  

https://www.ibm.com/support/pages/node/7230051?myns=swgother&mynp=OCSSLPYA&mync=E&cm_sp=swgother-_-OCSSLPYA-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24970) –  

https://www.ibm.com/support/pages/node/7230113?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: There is a vulnerability in CPython used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-7592,CVE-2024-6232,CVE-2024-8775) –  

https://www.ibm.com/support/pages/node/7230112?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload (CVE-2025-1500) –  

https://www.ibm.com/support/pages/node/7230140?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses "golang.org/x/net/html, crypto/internal/nistec, net/http, crypto/x509" which is vulnerable to "CVE-2024-45338, CVE-2025-22866, CVE-2024-45336, CVE-2024-45341" –  

https://www.ibm.com/support/pages/node/7230233?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E