IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Software: Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045) –
Software: Security Bulletin: next-auth-4.24.3.tgz is vulnerable to CVE-2023-48309 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl is vulnerable to CVE-2024-22195 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: Django-3.2.24-py3-none-any.whl is vulnerable to CVE-2024-27351 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: cryptography-42.0.0-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-42.0.3-cp37-abi3-manylinux_2_28_x86_64.whl is vulnerable to CVE-2024-26130 used in IBM Maximo Application Suite - Edge Data Collector –
Software: Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component –