2897 matches found
CVE-2024-45077 IBM Maximo Asset Management file upload
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated low-privileged user to upload restricted file types using the simple method of adding a dot to the end of the file name if Maximo is installed on a Windows operating system...
IBM Maximo Asset Management Security Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
PT-2025-2682 · Ibm +1 · Ibm Maximo Asset Management +1
Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management version 7.6.1.3 Description: The issue concerns an unrestricted file upload vulnerability in the MXAPIASSET API. This vulnerability allows an authenticated low-privileged user to upload restricted file types by...
CVE-2024-45652
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45652 IBM Maximo Asset Management directory traversal
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45652
The CVE-2024-45652 issue affects IBM Maximo Asset Management MXAPIASSET API 7.6.1.3. A remote attacker can perform directory traversal by sending URLs containing dot-dot sequences (/../), enabling viewing of arbitrary files on the system. Multiple sources confirm the affected product/version and ...
IBM Maximo MXAPIASSET API Path Traversal Vulnerability
The IBM Maximo MXAPIASSET API is a remote asset monitoring application program interface from International Business Machines (IBM). A path traversal vulnerability exists in the IBM Maximo MXAPIASSET API version 7.6.1.3, which originates from allowing a remote attacker to view arbitrary files on th...
Security Bulletin: IBM Maximo Application Suite and IBM Maximo Application Suite - Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282
Summary: IBM Maximo Application Suite and IBM Maximo Application Suite - Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-42282 DESCRIPTION: Node.js IP...
Security Bulletin: IBM Maximo Application Suite - Iot Component uses multiple third party jars which is vulnerable to multiple CVEs.
Summary: IBM Maximo Application Suite - Iot Component uses commons-codec-1.9.jar, classgraph-4.8.78.jar, guava-19.0.jar, commons-io-2.8.0.jar, json-20160212.jar, httpclient-4.5.2.jar, cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-2976, CVE-2018-10237, CVE-2020-8908,...
Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.x which is vulnerable to information disclosure
Summary: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.x which is vulnerable to information disclosure. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-50314 DESCRIPTION: IBM WebSphere Application...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2023-33976
Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2023-33976. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-33976 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Detail...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314
Summary: Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-50314 DESCRIPTION: IBM...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2024-45434)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
IBM Maximo Application Suite Cross-Site Scripting Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Maximo Application Suite. The vulnerability stems fro...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload (CVE-2024-45077)
Summary: IBM Maximo MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated low-privileged user to upload restricted file types using the simple method of adding a dot to the end of the file name if Maximo is installed on a Windows operating system. Vulnerability Details...
CVE-2024-45088
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...