CVE-2024-45077

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
References
Link Resource
https://www.ibm.com/support/pages/node/7174819 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*

History

14 Aug 2025, 15:18

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*
Summary
  • (es) La API MXAPIASSET de IBM Maximo Asset Management 7.6.1.3 es vulnerable a la carga de archivos sin restricciones, lo que permite que usuarios autenticados con pocos privilegios carguen tipos de archivos restringidos con un método simple de agregar un punto al final del nombre del archivo si Maximo está instalado en el sistema operativo Windows sistema.
First Time Ibm maximo Asset Management
Ibm
References () https://www.ibm.com/support/pages/node/7174819 - () https://www.ibm.com/support/pages/node/7174819 - Vendor Advisory

24 Jan 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-24 16:15

Updated : 2025-08-14 15:18


NVD link : CVE-2024-45077

Mitre link : CVE-2024-45077

CVE.ORG link : CVE-2024-45077


JSON object : View

Products Affected

ibm

  • maximo_asset_management
CWE
CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')