Summary There is a vulnerability in graphql-java-20.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java (aka graphql-java) is vulnerable to a denial of service, caused by the failure to properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service. By using introspection queries, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/350222 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Maximo Application Suite – Manage Component| MAS 8.10.0 – Manage 8.6.0 IBM Maximo Application Suite – Manage Component| MAS 8.11.0 – Manage 8.7.0 IBM Maximo Application Suite – Manage Component| MAS 9.0.0 – Manage 9.0.0 Remediation/Fixes For IBM Maximo Manage application in IBM Maximo Application Suite: MAS| Manage Patch Fix or Release —|— Upgrade to MAS 8.10| Upgrade to Manage 8.6.18 or latest (available from the Catalog under Update Available) Upgrade to MAS 8.11| Upgrade to Manage 8.7.12 or latest (available from the Catalog under Update Available) Upgrade to MAS 9.0.0| Upgrade to Manage 9.0.3 or latest (available from the Catalog under Update Available) Workarounds and Mitigations…Read More