CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-45077: IBM Maximo Asset Management file upload

6.5 CVSS

Description

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.

Classification

CVE ID: CVE-2024-45077

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

Affected Products

Vendor: IBM

Product: Maximo Asset Management

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.65% (scored less or equal to compared to others)

EPSS Date: 2025-02-21 (when was this score calculated)

References

https://www.ibm.com/support/pages/node/7174819

Timeline

2025-01-25 00:30:20 UTC
CVE

IBM Maximo Asset Management file upload