CVE-2024-45077

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 24, 2025

CWE ID 98

Summary

CVE-2024-45077: IBM Maximo Asset Management 7.6.1.3's MXAPIASSET API is found to have an unrestricted file upload vulnerability. This issue allows authenticated low-privileged users to upload restricted file types by adding a dot to the end of the file name, specifically on Windows operating systems. Successful exploitation could lead to unintended file execution or data leakage. IBM urges users to install the available patch as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Maximo Asset Management

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/x9Sin9
https://www.cve.org/CVERecord?id=CVE-2024-45077
https://nvd.nist.gov/vuln/detail/CVE-2024-45077

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners