Interloc Solutions Blog

Maximo Application Suite Security Bulletins - December

Written by Darlene Nerden | Dec 5, 2024 4:53:07 AM

IBM has released Maximo Application Suite Security Bulletins this week.  The links to the bulletins are below.  The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Injection - Cross Site Scripting Rule –

https://www.ibm.com/support/pages/node/7174946?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067 –

https://www.ibm.com/support/pages/node/7174950?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to xmlunit-core-2.9.1.jar CVE-2024-31573 –  

https://www.ibm.com/support/pages/node/7174951?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to sqlparse-0.4.4-py3-none-any.whl CVE-2024-4340 –  

https://www.ibm.com/support/pages/node/7174949?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669 –  

https://www.ibm.com/support/pages/node/7174955?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to SQL Injection Rule in database services CVE-2024-35148 –  

https://www.ibm.com/support/pages/node/7174952?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) CVE-2024-35144 –  

https://www.ibm.com/support/pages/node/7174953?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-39338 –  

https://www.ibm.com/support/pages/node/7174956?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ws-7.5.9.tgz CVE-2024-37890 –  

https://www.ibm.com/support/pages/node/7174960?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997 –  

https://www.ibm.com/support/pages/node/7174975?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33664 –  

https://www.ibm.com/support/pages/node/7174969?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068 –  

https://www.ibm.com/support/pages/node/7174972?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338 –  

https://www.ibm.com/support/pages/node/7174970?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Jinja2-3.1.3-py3-none-any.whl CVE-2024-34064 –  

https://www.ibm.com/support/pages/node/7174971?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to setuptools-68.0.0-py3-none-any.whl CVE-2024-6345 –  

https://www.ibm.com/support/pages/node/7174973?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to urllib3-2.0.7-py3-none-any.whl CVE-2024-37891 –  

https://www.ibm.com/support/pages/node/7174974?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195 –  

https://www.ibm.com/support/pages/node/7174976?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33663 – 

https://www.ibm.com/support/pages/node/7174977?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs –  

https://www.ibm.com/support/pages/node/7175755?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354) –  

https://www.ibm.com/support/pages/node/7176643?myns=swgother&mynp=OCSS5RRF&mynp=OCSSLL9Z&mynp=OCSSLL8M&mynp=OCSSLL9G&mynp=OCSSKVFR&mynp=OCSSLL84&mynp=OCSSLLAM&mynp=OCSSWT9A&mynp=OCSSLKSJ&mynp=OCSSLKT6&mynp=OCSSG2D3&mync=E&cm_sp=swgother-_-OCSS5RRF-OCSSLL9Z-OCSSLL8M-OCSSLL9G-OCSSKVFR-OCSSLL84-OCSSLLAM-OCSSWT9A-OCSSLKSJ-OCSSLKT6-OCSSG2D3-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254 –  

https://www.ibm.com/support/pages/node/7176776?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-webmvc-6.1.12.jar CVE-2024-38816 –  

https://www.ibm.com/support/pages/node/7177375?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to spring-web-6.1.11.jar CVE-2024-38809 –  

https://www.ibm.com/support/pages/node/7177376?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Maximo Asset Management Security Bulletins 

IBM has released Maximo Asset Management Security Bulletins this week.  The links to the bulletins are below.  The bulletins contain information regarding when, where, and/or how to address the vulnerability. 

 

Security bulletin: Security Bulletin: Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45071) –  

https://www.ibm.com/support/pages/node/7174419?myns=swgother&mynp=OCSSLKT6&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mync=E&cm_sp=swgother-_-OCSSLKT6-OCSSKVFR-OCSSG2D3-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLL9Z-OCSSLKSJ-_-E 

 

Software: Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Asset Management application (CVE-2024-40094) –  

https://www.ibm.com/support/pages/node/7174814?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Software: Security Bulletin: There is a vulnerability in plotly.js used by IBM Maximo Asset Management application (CVE-2023-46308) –  

https://www.ibm.com/support/pages/node/7174812?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45086) –  

https://www.ibm.com/support/pages/node/7174815?myns=swgother&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLLAM&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-OCSSG2D3-OCSSLLAM-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLKT6-_-E 

 

Software: Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload (CVE-2024-45077) –

https://www.ibm.com/support/pages/node/7174819?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Software: Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload (CVE-2024-45088) –

https://www.ibm.com/support/pages/node/7174818?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Software: Security Bulletin: IBM Maximo Asset Management application is vulnerable to allow a remote attacker to traverse directories on the system. (CVE-2024-45652) –  

https://www.ibm.com/support/pages/node/7174820?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E 

 

Security bulletin: Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-45087) –  

https://www.ibm.com/support/pages/node/7176644?myns=swgother&mynp=OCSSLKT6&mynp=OCSSLL8M&mynp=OCSSWT9A&mynp=OCSS5RRF&mynp=OCSSLL9G&mynp=OCSSLL84&mynp=OCSSLL9Z&mynp=OCSSLKSJ&mynp=OCSSKVFR&mynp=OCSSG2D3&mynp=OCSSLLAM&mync=E&cm_sp=swgother-_-OCSSLKT6-OCSSLL8M-OCSSWT9A-OCSS5RRF-OCSSLL9G-OCSSLL84-OCSSLL9Z-OCSSLKSJ-OCSSKVFR-OCSSG2D3-OCSSLLAM-_-E