CVE-2024-45077

Published Jan 24, 2025

Last updated a month ago

CVSS medium 6.5

Overview

Description
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
Source
psirt@us.ibm.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

psirt@us.ibm.com
CWE-98

Social media

Hype score
Not currently trending

  1. CVE-2024-45077 IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file … https://t.co/M80jhBWmxN

    @CVEnew

    24 Jan 2025

    277 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References