CVE-2024-45077

CWE-983 documents3 sources
Severity
6.5 MEDIUM
EPSS
0.1%
top 68.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 24

Description

The IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated low-privileged user to upload restricted file types by simply adding a dot to the end of the file name, if Maximo is installed on a Windows operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (2)
GHSA
GHSA-m7rj-x62g-9rjj: IBM Maximo Asset Management 7 | 2025-01-24
CVEList
IBM Maximo Asset Management file upload | 2025-01-24
CVE-2024-45077 (MEDIUM CVSS 6.5) | IBM Maximo Asset Management 7.6.1.3 | cvebase.io