Arbitrary File Upload Vulnerability Affects IBM Engineering Lifecycle Optimization Publishing
CVE-2023-45188
6.5MEDIUM
Key Information
- Vendor
- IBM
- Status
- Engineering Lifecycle Optimization Publishing
- Vendor
- Published:
- 9 June 2024
Summary
IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.
Affected Version(s)
Engineering Lifecycle Optimization Publishing = 7.0.2, 7.0.3
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
NONE
Integrity:
HIGH
Availability:
NONE
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database