Maximo Asset Management Spring4shell vulnerability

Question & Answer

Question

Does the Spring Framework (spring4shell) vulnerability affect Maximo Asset Management or Maximo Application Suite environments?

Answer

The vulnerability affects Spring instances with JDK versions 9.0 or higher.

WebSphere Application Server does not ship Spring MVC code. Maximo Asset Management is deployed to WebSphere versions 8.5.x or 9.0.x Those versions use JDK 8 (and earlier).

Maximo uses JDK 8.

Related Information

CVE-2022-22965 Detail

Spring Framework code execution

[{"Type":"MASTER","Line of Business":{"code":"LOB02","label":"AI Applications"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"ARM Category":[{"code":"a8m3p000000F81QAAS","label":"Maximo Application Suite->Security"},{"code":"a8m0z000000cvcNAAQ","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.1"},{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m3p000000F81QAAS","label":"Maximo Application Suite->Security"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

Maximo Asset Management Spring4shell vulnerability

Question & Answer

Question

Answer

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?