CSV Injection Vulnerability in IBM FileNet Content Manager
CVE-2020-4759

7HIGH

Key Information:

Vendor: IBM
Status: Filenet Content Manager
Vendor: CVE Published:; 9 November 2020

Summary

IBM FileNet Content Manager versions 5.5.4 and 5.5.5 contain a vulnerability that allows for CSV injection due to inadequate validation of CSV file contents. This situation could enable a remote attacker to execute arbitrary commands on the affected system, posing a significant security risk. Users are advised to implement appropriate security measures and update to newer, patched versions to mitigate this threat.

Affected Version(s)

FileNet Content Manager 5.5.4

FileNet Content Manager 5.5.5

References

https://www.ibm.com/support/pages/node/6336917

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/188736

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2020
Vulnerability Reserved
Dec 30, 2019