CVE-2023-35899

moderate-risk

Published 2024-03-21

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

Do I need to act?

-

0.09% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (20)

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Cloud Pak For Business Automation

Affected Vendors

Ibm

References (4)

Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/259354

Vendor Advisory https://www.ibm.com/support/pages/node/7030357

Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/259354

Vendor Advisory https://www.ibm.com/support/pages/node/7030357

42

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 24/34 · High