CVE-2022-36769

CWE-77Command InjectionCWE-434Unrestricted File Upload3 documents3 sources
Severity
7.2HIGH
EPSS
0.2%
top 63.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK FOR Data
Timeline
PublishedApr 26

Description

IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/cloud_pak_for_data4.5, 4.6
NVDibm/cloud_pak4.5, 4.6+1

🔴Vulnerability Details

2
CVEList
IBM Cloud Pak for Data file upload2023-04-26
GHSA
GHSA-xq44-vpm8-w66c: IBM Cloud Pak for Data 42023-04-26
CVE-2022-36769 (HIGH CVSS 7.2) | IBM Cloud Pak for Data 4.5 and 4.6 | cvebase.io