CVE-2023-35899

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/259354
https://www.ibm.com/support/pages/node/7030357
https://exchange.xforce.ibmcloud.com/vulnerabilities/259354
https://www.ibm.com/support/pages/node/7030357

Configurations

No configuration.

History

21 Nov 2024, 08:08

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/259354 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/259354 -
References	~~() https://www.ibm.com/support/pages/node/7030357 -~~	() https://www.ibm.com/support/pages/node/7030357 -
Summary		(es) IBM Cloud Pak para automatización 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0 .3, 22.0.1 y 22.0.2 son potencialmente vulnerables a la inyección CSV. Un atacante remoto podría ejecutar comandos arbitrarios en el sistema, causados por una validación inadecuada del contenido del archivo csv. ID de IBM X-Force: 259354.

21 Mar 2024, 02:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-21 02:47

Updated : 2024-11-21 08:08

NVD link : CVE-2023-35899

Mitre link : CVE-2023-35899

CVE.ORG link : CVE-2023-35899

JSON object : View

Products Affected

No product.

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

7.0 /10