IBM Maximo Application Suite Monitor Component Hardcoded Crypto Key Vulnerability (CVE-2024-38314)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: IBM Maximo Application Suite - Monitor Component is vulnerable to Hardcoded Crypto Key CVE-2024-38314. 2. CVE ID: CVE-2024-38314. 3. Description: IBM Maximo Application Suite - Monitor Component could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised environment. 4. CWE ID: CWE-321: Use of Hard-coded Cryptographic Key. 5. CVSS Base Score: 5.9. 6. Affected Products: - IBM Maximo Application Suite - Monitor Component - 8.11.12 or later (available via Update Available under Catalog) - 8.10.15 or later (available via Update Available under Catalog) - 9.0.4 or later (available via Update Available under Catalog) 7. Workarounds and Mitigations: None. 8. Notify of Future Security Advisories: Subscribe to My Notifications to receive important product support alerts. 9. Related Links: - Complete CVSS v3 Guide - On-line Calculator v3 - IBM Secure Engineering Web Portal - IBM Product Security Incident Response Blog 10. Disclaimer: The CVSS scores provided by IBM are "as is" and without any warranty, express or implied, including but not limited to warranties of merchantability or fitness for a particular purpose. Customers are responsible for evaluating the impact of any actual or potential security vulnerabilities. IBM does not guarantee that all components included in its products or services have been updated. IBM periodically updates component records in its product/service catalog. If IBM identifies previously unrecognized components, it will address related vulnerabilities regardless of the CVE date. Referencing an older CVE ID does not indicate that the component has been used by IBM since that date, nor does it indicate that IBM was aware of the vulnerability prior to that date. IBM is reporting relevant vulnerabilities to customers to ensure they are informed. Affected products and versions listed in IBM security advisories are intended to include only those products and versions that are supported by IBM and have not exceeded their support or warranty period. Therefore, failure to mention unsupported or extended support products and versions in a security advisory does not constitute an obligation by IBM for those products or versions. Referencing one or more unsupported versions in a security advisory does not create an obligation for IBM to provide fixes for any unsupported or extended support products or versions.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Maximo Application Suite Monitor Component Hardcoded Crypto Key Vulnerability (CVE-2024-38314)