CSV Injection Vulnerability in IBM Content Navigator
CVE-2018-1366

7.8HIGH

Key Information:

Vendor: IBM
Status: Content Navigator
Vendor: CVE Published:; 7 February 2018

What is CVE-2018-1366?

IBM Content Navigator versions 2.0 and 3.0 are prone to a CSV Injection vulnerability that can be exploited to manipulate data passed to spreadsheet applications. An attacker could leverage this vulnerability to inject malicious code, potentially leading to the execution of unauthorized commands when the victim opens the compromised CSV file in a spreadsheet program. This flaw poses significant risks as it opens pathways to exploit further vulnerabilities in downstream software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Content Navigator 3.0.0

Content Navigator 3.0.1

Content Navigator 2.0.2.8

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/137452

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22012674

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2018
Vulnerability Reserved
Dec 13, 2017

JSON

IBM

What is CVE-2018-1366?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.