CVE-2024-22328

Name of the Vulnerable Software and Affected Versions IBM Maximo Application Suite versions 8.10 through 8.11

Description The issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Recommendations For versions 8.10 and 8.11, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional validation and sanitization of URL requests to prevent directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.