IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791
Security Bulletin: IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820
Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to CVE-2024-37891
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs
Security Bulletin: There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27516)
Security Bulletin: There is a vulnerability in pandas-2.2.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-9880)
Security Bulletin: IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037
Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2024-40094
Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs
Security Bulletin: IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195
Security Bulletin: IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565
Security Bulletin: IBM Maximo Application Suite uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system
Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763
Security Bulletin: IBM Asset Data Dictionary uses jackson-mapper-asl-1.9.2.jar which is vulnerable to CVE-2019-10172, CVE-2019-10202
Security Bulletin: There is a vulnerability in vitest-2.1.8.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24963, CVE-2025-24964)
Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791
Security Bulletin: IBM Maximo Application Suite - Manage Component uses prismjs-1.29.0.tgz which is vulnerable to CVE-2024-53382
Security Bulletin: IBM Maximo Application Suite - IoT uses cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-12797
Security Bulletin: IBM Maximo Application Suite - IoT uses netty-common-4.1.114.Final.jar which is vulnerable to CVE-2025-25193
Security Bulletin: There is a vulnerability in cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-12797)
Maximo Asset Management 7.6.1x Security Bulletins
IBM has released Maximo Asset Management Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle Oct 2024 CPU
Security Bulletin: IBM Maximo Asset Management is vulnerable to Server-Side Request Forgery (SSRF) + Information Disclosure (CVE-2025-2987)
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (WebSphere Application Server traditional is vulnerable to SSRF)
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2025-2986)