CSV Injection Vulnerability in IBM Content Navigator
CVE-2018-1366
7.8HIGH
Summary
IBM Content Navigator versions 2.0 and 3.0 are prone to a CSV Injection vulnerability that can be exploited to manipulate data passed to spreadsheet applications. An attacker could leverage this vulnerability to inject malicious code, potentially leading to the execution of unauthorized commands when the victim opens the compromised CSV file in a spreadsheet program. This flaw poses significant risks as it opens pathways to exploit further vulnerabilities in downstream software.
Affected Version(s)
Content Navigator 3.0.0
Content Navigator 3.0.1
Content Navigator 2.0.2.8
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved