Unauthorized Actions possible due to CSV File Modification
CVE-2024-31892

7.5HIGH

Key Information:

Vendor: IBM
Status: Storage Scale
Vendor: CVE Published:; 14 December 2024

What is CVE-2024-31892?

A vulnerability exists in specific versions of IBM Storage Scale GUI that allows unauthorized actions by intercepting and modifying CSV files. This issue arises due to improper neutralization of formula elements, potentially enabling malicious users to exploit the system through crafted CSV content. The affected versions range from 5.1.9.0 to 5.1.9.6 and 5.2.0.0 to 5.2.1.1, highlighting the need for immediate attention to mitigate potential security risks.

Affected Version(s)

Storage Scale 5.1.9.0 <= 5.1.9.6

Storage Scale 5.2.0.0 <= 5.2.1.1

References

https://www.ibm.com/support/pages/node/7178098

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2024
Vulnerability Reserved
Apr 7, 2024