CVE-2024-45077

Published: Jan 24, 2025Modified: Aug 14, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.

Affected (1)

Products: Ibm: Maximo Asset Management

1 product

Maximo Asset Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Maximo Asset Management	Version 7.6.1.3

Related CWEs

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (1)

https://www.ibm.com/support/pages/node/7174819

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.