IBM Watson Knowledge Catalog CSV injection
CVE-2023-28958

7 HIGH

Key Information:

Vendor: IBM
CVE Published: 10 July 2023

Summary

The IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is susceptible to CSV Injection. This vulnerability arises from insufficient validation of CSV file contents, enabling a remote attacker to craft malicious CSV files that could execute arbitrary commands on the system. Proper mitigation strategies should be implemented to safeguard sensitive information and protect against unauthorized command execution.
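
One common mitigation for CSV injection is to neutralize formula-style cells when data is written to CSV. The sketch below is an added example, not IBM's fix or code from this advisory. The function names and sample rows are hypothetical, the trigger-character list follows OWASP's CSV injection guidance, and it assumes the exported file will be opened in a spreadsheet application.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications treat as the start of a
# formula (list taken from OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(?:\.\d+)?")


def neutralize_cell(value):
    """Return value in a form a spreadsheet will not evaluate as a formula."""
    if not isinstance(value, str):
        return value  # ints/floats are written as literals by csv.writer
    if PLAIN_NUMBER.fullmatch(value):
        return value  # keep "-42" or "+3.5" usable as numbers
    # Some applications ignore leading spaces, so test the stripped value.
    if value.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + value  # a leading apostrophe forces text interpretation
    return value


def export_rows(rows):
    """Serialize rows to CSV with every field quoted and neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data: the second and third rows carry formula-style
# values in a user-controlled description field.
SAMPLE_ROWS = [
    ["asset", "description", "row_count"],
    ["customers", "=SUM(A1:A9)", 120],
    ["orders", "  @lookup", "-42"],
    ["notes", 'plain text, with "quotes"', "+3.5"],
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS), end="")
```

Neutralizing on export complements, and does not replace, validating CSV content when it is uploaded or imported.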

Affected Version(s)

Watson Knowledge Catalog on Cloud Pak for Data 4.0

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
