Security Bulletin: IBM Maximo Asset Management application is vulnerable to allow a remote attacker to traverse directories on the system. (CVE-2024-45652)
Description

Summary

IBM Maximo MXAPIASSET API could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Vulnerability Details

CVEID: CVE-2024-45652
DESCRIPTION: IBM Maximo MXAPIASSET API could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/359367 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Maximo Asset Management | 7.6.1.3

Remediation/Fixes

VRM | Fix Pack, Feature Pack, or Interim Fix | Download
---|---|---
7.6.1.3 | Maximo Asset Management 7.6.1.3 iFix: 7.6.1.3-TIV-MBS-IF025 or latest Interim Fix available | FixCentral

Workarounds and Mitigations…
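An added example, not part of IBM's bulletin: a check over web access logs for requests to the MXAPIASSET API that carry "dot dot" segments, including percent-encoded and double-encoded forms. The log format, the URL paths and the sample lines are constructed assumptions and do not reproduce the actual request behind this CVE.

```python
import re
from urllib.parse import unquote

# Assumption: the API name from the bulletin appears in the request target.
API_MARKER = "mxapiasset"
# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_dot_dot(target):
    """True if a path or query segment is exactly '..' after decoding."""
    decoded = fully_decode(target).replace("\\", "/")
    return ".." in re.split(r"[/?&=;]", decoded)


def suspicious_requests(log_lines):
    """Return (line_number, target) for API requests carrying '..' segments."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        if API_MARKER in fully_decode(target).lower() and has_dot_dot(target):
            hits.append((number, target))
    return hits


# Constructed sample lines (hypothetical paths, documentation IP range).
_PREFIX = '198.51.100.7 - user1 [10/Jan/2025:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    _PREFIX + '/maximo/api/os/mxapiasset?desc=pump..v2 HTTP/1.1" 200 512',
    _PREFIX + '/maximo/api/os/mxapiasset/../../EXAMPLE HTTP/1.1" 200 90',
    _PREFIX + '/maximo/api/os/MXAPIASSET/%2e%2e/%2e%2e/EXAMPLE HTTP/1.1" 200 90',
    _PREFIX + '/maximo/api/os/mxapiasset?x=%252e%252e%252fEXAMPLE HTTP/1.1" 400 0',
    _PREFIX + '/static/../index.html HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A 200 response on a flagged line from a system still on 7.6.1.3 without the interim fix is the case to review first, since the CVSS vector rates the confidentiality impact as high.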
