HIGH🇵🇱 Wersja polska

CVE-2023-35899

CVSS 7.0v3.1pub. 2024-03-21upd. 2025-03-05

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • IBM Cloud Pak For Business Automation

    APP
    Ibm
    18.0.018.0.118.0.219.0.119.0.219.0.320.0.120.0.220.0.321.0.121.0.221.0.322.0.122.0.223.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-36094MEDIUM5.4ten sam produkt

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix...

CVE-2025-36436MEDIUM6.4ten sam produkt

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix...

CVE-2025-36093MEDIUM4.8ten sam produkt

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorize...

CVE-2025-36092MEDIUM6.5ten sam produkt

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a ...

CVE-2025-36091MEDIUM4.3ten sam produkt

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause da...