CSV Injection Vulnerability in IBM Cloud Pak System
CVE-2019-4521

7 HIGH

Key Information:

Vendor: IBM
CVE Published: 10 December 2019

Summary

The Platform System Manager in IBM Cloud Pak System 2.3 is susceptible to CSV injection due to inadequate validation of CSV file contents. This vulnerability allows a remote attacker to execute arbitrary commands on the system, posing significant security risks. Addressing this flaw is crucial to prevent potential exploitation by malicious actors.

Affected Version(s)

Cloud Pak System 2.3

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
