IBM Maximo Manage Weak Encryption Vulnerability (CVE-2024-37068) Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - CVE ID: CVE-2024-37068 - Description: The Manage component in IBM Maximo Application Suite (MAS) uses a weaker encryption algorithm than expected, which may allow attackers to decrypt highly sensitive information. 2. Vulnerability Impact: - Affected Component: Manage Component - Affected Software Versions: 8.10, 8.11, 9.0 3. Remediation: - Recommendation: Upgrade to MAS 8.8.X, MAS 8.9.X, or MAS 9.0.X. - Specific Recommendations: - Upgrade to MAS 8.8.X: Upgrade to Manage 8.6.16 or later (available from the catalog when updates are released). - Upgrade to MAS 8.9.X: Upgrade to Manage 8.7.10 or later (available from the catalog when updates are released). - Upgrade to MAS 9.0.X: Upgrade to Manage 9.0.1 or later (available from the catalog when updates are released). 4. Workflows and Mitigations: - Workflows: Not mentioned. - Mitigations: Not mentioned. 5. Notifications: - Subscribe to Notifications: Subscribe to My Notifications to receive important product support alerts. 6. Reference Information: - CVSS v3 Guide: Complete CVSS v3 guide. - Online Calculator: CVSS v3 online calculator. 7. Disclaimer: - Disclaimer: According to FIRST (Forum, Incident Response, and Security Teams), CVSS scoring is an "industry open standard" used to communicate vulnerability severity and help determine response urgency. The CVSS score provided by IBM is "as is" and does not include any express or implied warranties, including merchantability or fitness for a particular purpose. Customers are responsible for evaluating the impact of any actual or potential security vulnerabilities. IBM regularly updates component records included in its products. If IBM identifies previously unrecognized packages, they will be added to the product/service inventory, and related vulnerabilities will be addressed regardless of the CVE date. Affected products and versions are intended to include only those products and versions supported by IBM and not beyond their support or warranty period. Therefore, unsupported or extended support products and versions are not mentioned in security advisories. Mentioning one or more unsupported versions in a security advisory does not constitute IBM’s obligation to provide fixes for unsupported or extended support products or versions. This information provides a detailed description of the vulnerability, its impact, remediation steps, and related resources.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Maximo Manage Weak Encryption Vulnerability (CVE-2024-37068) Advisory