Interloc Solutions Blog

Maximo Security Bulletins

Written by Darlene Nerden | Apr 10, 2024 2:30:43 AM

Maximo Application Suite Security Bulletins 

IBM released Maximo Application Suite security bulletins this week. The links to the bulletins are below. Each bulletin describes when, where, and/or how to address the vulnerability it covers.

Software: Security Bulletin: IBM Maximo Application Suite uses ion-java-1.2.0.jar which is vulnerable to CVE-2024-21634 –  

https://www.ibm.com/support/pages/node/7145729?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Software: Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328) –  

https://www.ibm.com/support/pages/node/7147543?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Software: Security Bulletin: There is a vulnerability in Java SE used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-20918, CVE-2024-20926 and CVE-2024-20952) –  

https://www.ibm.com/support/pages/node/7147544?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Software: Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to stored cross-site scripting (CVE-2023-38723) –

https://www.ibm.com/support/pages/node/7147545?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Software: Security Bulletin: There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-44487) –  

https://www.ibm.com/support/pages/node/7147549?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E

Software: Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity (XXE) attack (CVE-2024-27266) –  

https://www.ibm.com/support/pages/node/7147555?myns=swgother&mynp=OCSSRHPA&mync=E&cm_sp=swgother-_-OCSSRHPA-_-E 

 

Maximo Asset Management 7.6.1x Security Bulletins  

IBM released Maximo Asset Management security bulletins this week. The links to the bulletins are below. Each bulletin describes when, where, and/or how to address the vulnerability it covers.

Software: Security Bulletin: There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Asset Management application (CVE-2023-44487) –

https://www.ibm.com/support/pages/node/7147550?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E

Software: Security Bulletin: There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application (CVE-2024-21634) –  

https://www.ibm.com/support/pages/node/7147553?myns=swgother&mynp=OCSSLKT6&mync=E&cm_sp=swgother-_-OCSSLKT6-_-E