Summary IBM Maximo Application Suite uses grpc-js-1.8.21.tgz which is vulnerable to CVE-2024-37168. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: gRPC on Node.js is vulnerable to a denial of service, caused by a flaw with memory allocation with excessive size value. By sending specially crafted messages, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294632 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Maximo Application Suite| 9.0 IBM Maximo Application Suite | 8.11 IBM Maximo Application Suite | 8.10 Remediation/Fixes Remediated Product(s)| Fix pack Version(s) —|— IBM Maximo Application Suite| 9.0.3 IBM Maximo Application Suite | 8.11.14 IBM Maximo Application Suite | 8.10.17 Workarounds and Mitigations…Read More