Important security alert

Clarita’s response to the Apache Commons BCEL security vulnerability (CVE-2022-42920)

Insight News by Tara Annesley

At a glance

  • A critical security vulnerability in Apache Commons BCEL, a library used by IBM Maximo, was identified on 15th May.
  • This vulnerability affects all organisations running IBM Maximo version 7.6.1.
  • Clarita's Managed Service Support team is currently assessing the impact for Clarita customers and will provide updates, advice and suggested actions as the situation progresses.

CVEID: CVE-2022-42920  |  CVSS Base score: 9.8  |  IBM Notification Date: 15th May 2023

IBM has advised of a critical security vulnerability in Apache Commons BCEL, which is used by IBM Maximo Asset Management version 7.6.1. The vulnerability is an out-of-bounds write flaw in the library's APIs that could allow a remote attacker to bypass security restrictions: by sending a specially crafted request, an attacker could exploit it to gain control over the resulting bytecode.

Clarita are currently:

  • assessing the vulnerability
  • performing an impact assessment across our application portfolio and impacted customer base
  • reviewing the suggested remediation actions
  • closely monitoring product vendor announcements

What happens now:

Clarita will provide further updates via this article and through direct communications with our customers.

  • Clarita Managed Services Support customers will be updated on the impact of this vulnerability and on the actions required to mitigate any risk to their organisation.
  • For Clarita EAMaaS customers, a separate notification will be issued with further information outlining the mitigation strategy and proposed timeline.

If you are not a Clarita EAMaaS or Managed Services Support customer, and would like assistance to apply this latest fix, please contact Clarita Support.

Need immediate assistance?

Existing clients can log tickets through the Service Desk via phone, email or online portal.