IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: IBM Maximo Application Suite - IOT Component uses dnspython-1.16.0-py2.py3-none-any.whl which is vulnerable to CVE-2023-29483 – https://www.ibm.com/support/pages/node/7149961?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E
Security bulletin: Security Bulletin: rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate is vulnerable to WS-2023-0366 used in IBM Maximo Application Suite - Edge Data Collector – https://www.ibm.com/support/pages/node/7149715?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E
Security bulletin: Security Bulletin:IBM Asset Data Dictionary Component uses vertx-core-4.5.0.jar which is vulnerable to CVE-2024-1023 and CVE-2024-1300 – https://www.ibm.com/support/pages/node/7150055?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E
Security bulletin: Security Bulletin: Apache Commons Compress is vulnerable to CVE-2024-26308 and CVE-2024-25710 used in IBM Maximo Application Suite - Monitor Component – https://www.ibm.com/support/pages/node/7150075?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E
Security bulletin: Security Bulletin: Apache Tomcat is vulnerable to CVE-2024-24549 and CVE-2024-23672 used in IBM Maximo Application Suite - Monitor Component – https://www.ibm.com/support/pages/node/7150076?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E