2.3.0.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ibm

CWE-1236

critical

NVD

Published: 2019-12-10

Updated: 2020-08-24

Summary

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Cloud PAK System 2.3.0.1 IBM Cloud PAK System 2.3	2

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://www.ibm.com/support/pages/node/1126605
https://exchange.xforce.ibmcloud.com/vulnerabilities/165179