Unrestricted File Upload Vulnerability in IBM Maximo Asset Management
CVE-2024-45077

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Asset Management
Vendor: CVE Published:; 24 January 2025

Summary

The IBM Maximo Asset Management product version 7.6.1.3 is affected by an unrestricted file upload vulnerability in the MXAPIASSET API. This flaw allows authenticated users with low privileges to upload restricted file types. The exploitation is notably simplified for installations on Windows operating systems, where users can circumvent file type restrictions by appending a dot to the filename. This can lead to serious security risks, including unauthorized access and potential system compromise.

Affected Version(s)

Maximo Asset Management 7.6.1.3

References

https://www.ibm.com/support/pages/node/7174819

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Aug 21, 2024