IBM has released Maximo Application Suite Security Bulletins this week. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to path-to-regexp-0.1.10.tgz CVE-2024-52798 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tornado-6.3.3-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2024-52804 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45230 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux_2_28_x86_64.whl CVE-2024-28219 –
Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094 –