CVE-2024-45077

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management version 7.6.1.3

Description The issue concerns an unrestricted file upload vulnerability in the MXAPIASSET API. This vulnerability allows an authenticated low-privileged user to upload restricted file types by adding a dot to the end of the file name, but only if the system is installed on a Windows operating system.

Recommendations For IBM Maximo Asset Management version 7.6.1.3, consider restricting access to the MXAPIASSET API to prevent low-privileged users from uploading files until a patch is available. As a temporary workaround, limit the types of files that can be uploaded through this API to minimize the risk of exploitation.