Unrestricted File Upload Vulnerability in IBM Maximo Asset Management
CVE-2024-45077
6.5MEDIUM
What is CVE-2024-45077?
The IBM Maximo Asset Management product version 7.6.1.3 is affected by an unrestricted file upload vulnerability in the MXAPIASSET API. This flaw allows authenticated users with low privileges to upload restricted file types. The exploitation is notably simplified for installations on Windows operating systems, where users can circumvent file type restrictions by appending a dot to the filename. This can lead to serious security risks, including unauthorized access and potential system compromise.
Affected Version(s)
Maximo Asset Management 7.6.1.3