IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE ID: CVE-2024-45652
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.5
Vendor: IBM
Product: Maximo Asset Management
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 21.5% (scored less or equal to compared to others)
EPSS Date: 2025-02-17 (when was this score calculated)