Maximo Asset Management@7.6.1.3 Security Vulnerabilities and Issues — Maximo Asset Management@7.6.1.3 CVE List

Lucene search

IbmMaximo Asset Management7.6.1.3

4 matches found

CVE•added 2025/01/24 4:15 p.m.•81 views

CVE-2024-45077

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.

6.5CVSS6.5AI score0.00038EPSS

CVE•added 2025/01/19 3:15 a.m.•77 views

CVE-2024-45652

IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

6.5CVSS6.4AI score0.00068EPSS

CVE•added 2025/04/22 12:15 a.m.•53 views

CVE-2025-2987

IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

3.8CVSS4AI score0.00031EPSS

CVE•added 2025/04/25 12:15 p.m.•45 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.5CVSS5.2AI score0.00036EPSS