What is the severity of CVE-2024-45077?

The severity of CVE-2024-45077 is high due to the ability of low privileged users to upload restricted file types.

How do I fix CVE-2024-45077?

To fix CVE-2024-45077, ensure that file uploads are properly validated and do not allow unrestricted file types.

Who is affected by CVE-2024-45077?

CVE-2024-45077 affects users of IBM Maximo Asset Management versions up to and including 7.6.1.3 who are running on Windows.

What is the type of vulnerability in CVE-2024-45077?

CVE-2024-45077 is classified as an unrestricted file upload vulnerability.

Can the exploit of CVE-2024-45077 be mitigated?

Yes, mitigating the exploit for CVE-2024-45077 involves enforcing strict file validation and implementing security measures on file uploads.

Vulnerability/
CVE-2024-45077

medium

6.5

CWE

5/11/2024

24/1/2025

12/2/2025

CVE-2024-45077: IBM Maximo Asset Management file upload

First published: Tue Nov 05 2024(Updated: )

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Maximo Asset Management
IBM Maximo Asset Management	<=7.6.1.3

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7174819

Frequently Asked Questions

What is the severity of CVE-2024-45077?
The severity of CVE-2024-45077 is high due to the ability of low privileged users to upload restricted file types.
How do I fix CVE-2024-45077?
To fix CVE-2024-45077, ensure that file uploads are properly validated and do not allow unrestricted file types.
Who is affected by CVE-2024-45077?
CVE-2024-45077 affects users of IBM Maximo Asset Management versions up to and including 7.6.1.3 who are running on Windows.
What is the type of vulnerability in CVE-2024-45077?
CVE-2024-45077 is classified as an unrestricted file upload vulnerability.
Can the exploit of CVE-2024-45077 be mitigated?
Yes, mitigating the exploit for CVE-2024-45077 involves enforcing strict file validation and implementing security measures on file uploads.

agent/weakness
agent/title
agent/type
agent/references
agent/softwarecombine
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/source
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/guess-ai
vendor/ibm
canonical/ibm maximo asset management
version/ibm maximo asset management/7.6.1.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.