Directory Traversal Vulnerability in IBM Maximo MXAPIASSET API
CVE-2024-45652

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Maximo Asset Management
Vendor: CVE Published:; 19 January 2025

Summary

The IBM Maximo MXAPIASSET API version 7.6.1.3 is susceptible to directory traversal, enabling remote attackers to exploit the system by crafting malicious URL requests. By utilizing 'dot dot' sequences (/../), an attacker may gain access to arbitrary files on the server. This vulnerability poses a significant risk as it could allow unauthorized users to read sensitive data, thus compromising the integrity and confidentiality of the system.

Affected Version(s)

Maximo Asset Management 7.6.1.3

References

https://www.ibm.com/support/pages/node/7174820

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2025
Vulnerability Reserved
Sep 3, 2024