CVE-2017-1336Code Injection in IBM Biginsights

CWE-94Code InjectionCWE-1336Improper Neutralization of Special Elements Used in a Template Engine4 documents4 sources
Severity
4.4MEDIUMNVD
GHSA9.9
EPSS
0.3%
top 51.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM BiginsightsIBM Infosphere Biginsights
Timeline
PublishedDec 7
Latest updateApr 18

Description

IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 1.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/biginsights4.2.0

🔴Vulnerability Details

3
GHSA
Shopware Has Improper Control of Generation of Code in Twig rendered views2023-04-18
GHSA
GHSA-x858-rx52-6qvm: IBM Infosphere BigInsights 42022-05-14
CVEList
CVE-2017-1336: IBM Infosphere BigInsights 42017-12-07
CVE-2017-1336 — Code Injection in IBM Biginsights | cvebase