CSV Injection Vulnerability in IBM Cloud Pak System
CVE-2019-4521
7HIGH
Summary
The Platform System Manager in IBM Cloud Pak System 2.3 is susceptible to CSV injection due to inadequate validation of CSV file contents. This vulnerability allows a remote attacker to execute arbitrary commands on the system, posing significant security risks. Addressing this flaw is crucial to prevent potential exploitation by malicious actors.
Affected Version(s)
Cloud Pak System 2.3
References
CVSS V3.1
Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved