Medium Severity

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to Host Header Injection (CVE-2021-29854)

Share this post:

IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to Host header injection.

CVE(s): CVE-2021-29854

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Maximo Asset Management core product and IBM Maximo Manage Application in IBM Maximo Application Suite.  Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.

Product versions affected:

Affected Product(s) Version(s)
IBM Maximo Asset Management 7.6.1.1
IBM Maximo Asset Management 7.6.1.2
Maximo Manage Application in IBM Maximo Application Suite MAS 8.7-Manage 8.3

* To determine the core product version, log in and view System Information. The core product version is the "Tivoli's process automation engine" version. Please consult the Platform Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6579187
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205680

More stories

Security Bulletin: IBM Workload Scheduler is vulnerable to arbitrary file creation vulnerability due to CVE-2022-22369 affecting JLOG component

August 8, 2022 | Medium Severity

The Jlog component on the Master Domain Manager of IBM Workload Scheduler permits an unauthenticated user to interact with the system making it possible to modify the way the service works or modify system files. ...read more


Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22476)

August 8, 2022 | Medium Severity

Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. ...read more


Security Bulletin: Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, that is used by IBM Workload Scheduler.

August 8, 2022 | Medium Severity

Vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, that is used by IBM Workload Scheduler. This issue was disclosed as part of the Oracle October 2021 Critical Patch Update. ...read more