At a glance
- A critical security vulnerability was identified in Apache Commons BCEL used by IBM Maximo on 15th May.
- This vulnerability impacts all organisations running IBM Maximo - version 7.6.1
- COSOL's Managed Service Support team is currently assessing the impact for COSOL customers and will provide updates as the situation progresses with advice and suggested actions.
CVEID:Â CVE-2022-42920Â |Â Â CVSS Base score:Â 9.8Â |Â Â IBM Notification Date:Â 15th May 2023
IBM has advised of a critical security vulnerability relating to the Apache Commons BCEL used by IBM Maximo Asset Management - version 7.6.1. This vulnerability could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain control over the resulting bytecode.
COSOL is currently:
- assessing the vulnerability
- performing an impact assessment across our application portfolio and impacted customer base
- reviewing the suggested remediation actions
- closely monitoring product vendor announcements
What happens now:
COSOL will provide further updates via this article and through direct communications with our customers.
- For COSOLÂ Managed Services Support customers, you will be updated on the impact of this vulnerability, and actions required to mitigate any risk to your organisation.
- For COSOLÂ EAMaaS customer's, a separate notification will be issued with further information outlining the mitigation strategy and proposed timeline.
If you are not a COSOL EAMaaS or Managed Services Support customer, and would like assistance to apply this latest fix, please contact COSOL Support.
