IBM Maximo Asset Management Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in the IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API. This issue allows authenticated users with low privileges to upload restricted file types by simply adding a dot at the end of the file name, but only when Maximo is installed on a Windows operating system.
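As an added illustration (not IBM's code and not part of the original advisory), the sketch below shows why an extension check on the submitted name misses a trailing dot, alongside a validation that rejects any name Windows would rewrite. It assumes the Windows dependency comes from Win32 name normalization, which drops trailing dots and spaces when a file is created. The deny-list, function names and sample file names are constructed.

```python
import re

# Constructed deny-list for illustration; not Maximo's actual restricted-type list.
BLOCKED_EXTENSIONS = {"exe", "bat", "cmd", "jsp", "ps1", "vbs"}


def extension(name: str) -> str:
    """Text after the last dot, lower-cased; '' when there is no dot."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def naive_is_allowed(name: str) -> bool:
    """Flawed check: inspects the name exactly as the client sent it."""
    return extension(name) not in BLOCKED_EXTENSIONS


def windows_stored_name(name: str) -> str:
    """Approximate the name Windows stores: the last path component with
    the trailing dots and spaces that Win32 normalization strips removed."""
    base = re.split(r"[\\/]", name)[-1]
    return base.rstrip(". ")


def hardened_is_allowed(name: str) -> bool:
    """Reject any name the file system would rewrite, then check the extension."""
    stored = windows_stored_name(name)
    if not stored or stored != name:
        # Empty, path-bearing, or ending in a dot or space: the name checked
        # would not be the name written to disk, so refuse it outright.
        return False
    return extension(stored) not in BLOCKED_EXTENSIONS


def rejected_only_by_hardened(names):
    """Names the naive check accepts but the hardened check refuses."""
    return [n for n in names if naive_is_allowed(n) and not hardened_is_allowed(n)]


# Constructed sample upload names.
SAMPLE_UPLOADS = ["report.pdf", "run.bat", "run.bat.", "archive.tar.gz"]

if __name__ == "__main__":
    for n in SAMPLE_UPLOADS:
        print(f"{n!r}: naive={naive_is_allowed(n)} hardened={hardened_is_allowed(n)} "
              f"stored_as={windows_stored_name(n)!r}")
```

Refusing the upload is used here instead of silently stripping the dot, so the name that was validated is always the name that is stored.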

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, potentially allowing for the execution of malicious files or scripts on the server.

Remediation

Users can upgrade to IBM Maximo Asset Management 7.6.1.3 iFix 7.6.1.3-TIV-MBS-IF015. Instructions for downloading this fix are available on the IBM Support Fix Central website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 7.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.