CVE-2023-35899: IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
ibm	cloud_pak_for_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—
ibm	cloud_pak_for_business_automation	—	—