Unrestricted File Upload in IBM Maximo 7.6.1.3 MXAPIASSET API (Windows)
CVE-2024-45077 Published on January 24, 2025
IBM Maximo Asset Management file upload
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
Vulnerability Analysis
CVE-2024-45077 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
What is a Remote file include Vulnerability?
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.
CVE-2024-45077 has been classified to as a Remote file include vulnerability or weakness.
Products Associated with CVE-2024-45077
Want to know whenever a new CVE is published for IBM Maximo Asset Management? stack.watch will email you.
Affected Versions
IBM Maximo Asset Management Version 7.6.1.3 is affected by CVE-2024-45077Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.