CVE-2019-4582

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.6.0 through 7.6.1

Description The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Recommendations For IBM Maximo Asset Management versions 7.6.0 through 7.6.1, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional validation on URL requests to prevent "dot dot" sequence attacks.