CVE-2024-45652

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 19, 2025

CWE ID 22

Summary

CVE-2024-45652 is a vulnerability affecting IBM Maximo MXAPIASSET API version 7.6.1.3. This issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request containing "dot dot" sequences (/../). Successful exploitation could enable the attacker to view arbitrary files on the system. Organizations using this version of IBM Maximo MXAPIASSET API are advised to apply the available patch as soon as possible to mitigate this risk. Failure to do so could result in unauthorized file access and potential data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Maximo Asset Management

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/yTwuwT
https://www.cve.org/CVERecord?id=CVE-2024-45652
https://nvd.nist.gov/vuln/detail/CVE-2024-45652

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners