JDOM upgrade

JDOM upgrade in Maximo® Manage 8.5 is recommended.

Problem

In Maximo Manage 8.5, JDOM was susceptible to a denial of service. This JDOM vulnerability does not apply to Maximo Application Suite but affects Maximo Manage. By sending a specially crafted HTTP request, a remote attacker could use the JDOM vulnerability to cause a denial of service in Maximo Manage 8.5. The denial of service is caused by an XML external entity (XXE) issue in SAXBuilder. The affected versions are JDOM 2.0.5 and JDOM 2.0.6.

Solution

The issue has been addressed in Maximo Manage 8.5.

Note: The JDOM upgrade may cause compatibility issues with your existing code. It is recommended to recompile your code with the new JDOM provided with Maximo Manage 8.5 to resolve any compilation issues.
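For custom code that calls SAXBuilder directly on untrusted XML, the following added example (not part of the Maximo documentation or product code) shows a defensive parser configuration that rejects DOCTYPE declarations and external entities. The class name, method names and sample XML are constructed for illustration, and it assumes the default Xerces-based JDK parser, which recognises the `disallow-doctype-decl` feature.

```java
import java.io.IOException;
import java.io.StringReader;
import org.jdom2.Document;
import org.jdom2.JDOMException;
import org.jdom2.input.SAXBuilder;

// Hypothetical class name; added example, not Maximo code.
public class HardenedSaxBuilderExample {

    /** Returns a SAXBuilder that refuses DOCTYPE declarations and external entities. */
    static SAXBuilder newHardenedBuilder() {
        SAXBuilder builder = new SAXBuilder();
        // Reject any document that carries a DOCTYPE, which removes the
        // entity-definition surface that XXE issues depend on.
        builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case DOCTYPE handling is ever re-enabled.
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Do not expand entity references into the JDOM tree.
        builder.setExpandEntities(false);
        return builder;
    }

    /** Parses untrusted XML; returns null when the parser rejects the input. */
    static Document parseUntrusted(String xml) throws IOException {
        try {
            return newHardenedBuilder().build(new StringReader(xml));
        } catch (JDOMException e) {
            // Log and refuse rather than retrying with a laxer parser.
            System.err.println("Rejected XML: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: one plain document, one carrying a DOCTYPE
        // with a harmless internal entity.
        String plain = "<workorder><id>1001</id></workorder>";
        String withDoctype = "<!DOCTYPE workorder [<!ENTITY note \"sample\">]>"
                + "<workorder><id>&note;</id></workorder>";

        System.out.println("plain accepted:   " + (parseUntrusted(plain) != null));
        System.out.println("doctype accepted: " + (parseUntrusted(withDoctype) != null));
    }
}
```

Compile and run this against the JDOM JAR provided with Maximo Manage 8.5 so that the same recompilation check covers the hardened parser path.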

For more information, see the National Vulnerability Database.