CVE-2019-4521Improper Neutralization of Formula Elements in a CSV File in IBM Cloud PAK System

CWE-1236Improper Neutralization of Formula Elements in a CSV File3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.0%
top 22.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK System
Timeline
PublishedDec 10
Latest updateMay 24

Description

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/cloud_pak_system2.3
NVDibm/cloud_pak_system2.3, 2.3.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-hp2p-gr52-7qp5: Platform System Manager in IBM Cloud Pak System 22022-05-24
CVEList
CVE-2019-4521: Platform System Manager in IBM Cloud Pak System 22019-12-10
CVE-2019-4521 — IBM Cloud PAK System vulnerability | cvebase