CSV Injection Vulnerability in IBM FileNet Content Manager
CVE-2020-4759
7HIGH
Summary
IBM FileNet Content Manager versions 5.5.4 and 5.5.5 contain a vulnerability that allows for CSV injection due to inadequate validation of CSV file contents. This situation could enable a remote attacker to execute arbitrary commands on the affected system, posing a significant security risk. Users are advised to implement appropriate security measures and update to newer, patched versions to mitigate this threat.
Affected Version(s)
FileNet Content Manager 5.5.4
FileNet Content Manager 5.5.5
References
CVSS V3.1
Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved