Interloc Solutions Blog

Maximo Application Suite Security Bulletins March 2026

Written by Darlene Nerden | Mar 11, 2026 12:43:21 PM

IBM has released Maximo Application Suite Security Bulletins. The links to the bulletins are below. The bulletins contain information regarding when, where, and/or how to address the vulnerability.

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7261597?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses net/http 1.23.4,1.24.2,1.24.3,crypto/x509 1.24.2,1.24.3 which is vulnerable to CVE-2025-4673, CVE-2025-22874 –

https://www.ibm.com/support/pages/node/7261596?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7261756?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160 –

https://www.ibm.com/support/pages/node/7262077?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.53.0-py3-none-any.whl which is vulnerable to multiple CVEs –

https://www.ibm.com/support/pages/node/7262078?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl, urllib3-2.6.1-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471, CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7262081?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726 –

https://www.ibm.com/support/pages/node/7262076?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161 –

https://www.ibm.com/support/pages/node/7262083?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses urllib3-2.6.1-py3-none-any.whl which is vulnerable to CVE-2026-21441 –

https://www.ibm.com/support/pages/node/7262082?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284 –

https://www.ibm.com/support/pages/node/7262079?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses werkzeug-3.1.1-py3-none-any.whl, werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221, CVE-2026-21860 –

https://www.ibm.com/support/pages/node/7262080?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7262087?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735 –

https://www.ibm.com/support/pages/node/7262085?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Edge Data Collector uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490 –

https://www.ibm.com/support/pages/node/7262086?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Monitor Component uses filelock-3.20.1-py3-none-any.whl, filelock-3.20.2-py3-none-any.whl which is vulnerable to CVE-2026-22701 –

https://www.ibm.com/support/pages/node/7262090?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM IBM Edge Data Collector uses azure_core-1.14.0-py2.py3-none-any.whl which is vulnerable to CVE-2026-21226 –

https://www.ibm.com/support/pages/node/7262093?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which are vulnerable to CVEs –

https://www.ibm.com/support/pages/node/7262241?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221 –

https://www.ibm.com/support/pages/node/7262254?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in rhino-1.7.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66453) –

https://www.ibm.com/support/pages/node/7262258?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses PyTorch 2.6.0 which is vulnerable to CVE-2025-2998, CVE-2025-2999, CVE-2025-55552,CVE-2025-63396,CVE-2025-55551 –

https://www.ibm.com/support/pages/node/7262279?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses transformers-4.57.3-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14924, CVE-2025-14926, CVE-2025-14927, CVE-2025-14928, CVE-2025-14929 –

https://www.ibm.com/support/pages/node/7262281?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-1002) –

https://www.ibm.com/support/pages/node/7262392?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in werkzeug-3.1.4-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21860) –

https://www.ibm.com/support/pages/node/7262393?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21441) –

https://www.ibm.com/support/pages/node/7262395?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Security bulletin: Security Bulletin: There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2025-67735) –

https://www.ibm.com/support/pages/node/7262394?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

 
View full post