Vulnerabilities > CVE-2023-22877 - Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ibm

CWE-1236

NVD

Published: 2023-08-28

Updated: 2023-08-31

Summary

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Infosphere Information Server * IBM Infosphere Information Server 11.7.1	2

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/244368
https://www.ibm.com/support/pages/node/6988623