CSV Injection Vulnerability in IBM Spectrum Scale Products
CVE-2021-29667

7HIGH

Key Information:

Vendor: IBM
Status: Spectrum Scale
Vendor: CVE Published:; 27 April 2021

What is CVE-2021-29667?

IBM Spectrum Scale versions 5.0.0 to 5.0.5.6 and 5.1.0 to 5.1.0.2 are susceptible to CSV injection vulnerabilities. This issue arises from inadequate validation of contents within CSV files, enabling a remote attacker to execute arbitrary commands on the affected system. Organizations using these versions of IBM Spectrum Scale should review their security protocols and ensure necessary updates are applied to mitigate this risk. For further details, refer to the IBM X-Force advisory.

Affected Version(s)

Spectrum Scale 5.0

Spectrum Scale 5.1

Spectrum Scale 5.1.0.2

References

https://www.ibm.com/support/pages/node/6447107

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/199403

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2021
Vulnerability Reserved
Mar 31, 2021