API Security Blog

Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-37734)

## Summary

There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite.

## Vulnerability Details

**CVEID:** CVE-2022-37734
**DESCRIPTION:** GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive overloading, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/235781 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
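
A detection-side illustration of the directive overloading condition described above, as an added example that is not IBM's or GraphQL Java's code: it counts directives per GraphQL request body in captured traffic and flags outliers. The threshold `MAX_DIRECTIVES`, the function names and the sample requests are assumptions constructed for the example.

```python
import json
import re

MAX_DIRECTIVES = 50  # assumed threshold; set it above what legitimate clients send

# Strings and comments are matched first so an '@' inside them is never
# counted as a directive.
_TOKEN = re.compile(
    r'"""(?:\\"""|[^"]|"(?!""))*"""'   # block string
    r'|"(?:\\.|[^"\\\n])*"'            # quoted string
    r'|#[^\n]*'                        # comment to end of line
    r'|(?P<directive>@\s*[_A-Za-z][_0-9A-Za-z]*)'
)

def directive_counts(query):
    """Map directive name -> number of uses in one GraphQL document."""
    counts = {}
    for m in _TOKEN.finditer(query):
        name = m.group("directive")
        if name:
            key = name[1:].strip()
            counts[key] = counts.get(key, 0) + 1
    return counts

def scan(lines, limit=MAX_DIRECTIVES):
    """Return (line_number, total, most_repeated_name) per request over the limit."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            body = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON request body
        for op in body if isinstance(body, list) else [body]:  # batched requests
            query = op.get("query") if isinstance(op, dict) else None
            if not isinstance(query, str):
                continue
            counts = directive_counts(query)
            total = sum(counts.values())
            if total > limit:
                hits.append((n, total, max(counts, key=counts.get)))
    return hits

# Constructed sample request bodies, one JSON document per line.
SAMPLE = [
    json.dumps({"query": 'query { asset(id: 1) { name @include(if: true) } }'}),
    json.dumps({"query": 'query { note(text: "mail @ops @ops @ops") { id } } # @dbg'}),
    json.dumps({"query": "query { __typename " + "@skip(if: false) " * 60 + "}"}),
    "not json",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("line %d: %d directives, most repeated @%s" % hit)
```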

## Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Maximo Application Suite – Manage Component | MAS 8.8 - Manage 8.4

## Remediation/Fixes

**For IBM Maximo Manage application in IBM Maximo Application Suite:**

Maximo Application Suite | Manage Patch Fix or Release
---|---
Upgrade to MAS version 8.8.5 or latest Patch Fix available | 8.4.5 or latest (available from the Catalog under Update Available)

## Workarounds and Mitigations

None
