JDOM upgrade
JDOM upgrade in Maximo® Manage 8.5 is recommended.
Problem
In Maximo Manage 8.5, JDOM was susceptible to a denial of service. This JDOM vulnerability does not apply to Maximo Application Suite but affects Maximo Manage. In Maximo Manage 8.5, by sending a specially crafted HTTP request, a remote attacker could use the JDOM vulnerability to cause a denial of service. The denial of service is caused by an XML external entity (XXE) issue in SAXBuilder. Affected platforms are JDOM 2.0.5 and JDOM 2.0.6.
Solution
The issue has been addressed in Maximo Manage 8.5.
Note: The JDOM upgrade may cause compatibility issues with your existing code. It is recommended to recompile your code with the new JDOM provided with Maximo Manage 8.5 to resolve any compilation issues.
For more information, see National Vulnerability Database.