Vulnerabilities > CVE-2020-4627 - Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cloud PAK for Security 1.3.0.1

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ibm

CWE-1236

critical

NVD

Published: 2020-11-30

Updated: 2021-07-21

Summary

IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Cloud PAK FOR Security 1.3.0.1	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/185367
https://www.ibm.com/support/pages/node/6372538