CVE-2023-42004

CWE-1236 | 6 documents | 4 sources
Severity: 8.8 HIGH
EPSS: 0.1% (top 68.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 28

Description

IBM Security Guardium 11.3, 11.4, and 11.5 are potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of CSV file contents. IBM X-Force ID: 265262.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | ibm/security_guardium | 11.3, 11.4, 11.5
NVD | ibm/security_guardium | 11.3, 11.4, 11.5 +2

🔴 Vulnerability Details (2)

GHSA | GHSA-3g3f-pff6-g3m3: IBM Security Guardium 11 | 2023-11-28
CVEList | IBM Security Guardium CSV injection | 2023-11-28

📋 Vendor Advisories (3)

Oracle | Oracle Fusion Middleware Risk Matrix: Security Framework (jackson-databind) — CVE-2022-42004 | 2023-10-15
Oracle | Oracle Supply Chain Risk Matrix: Security (jackson-databind) — CVE-2022-42004 | 2023-07-15
Oracle | Oracle Communications Applications Risk Matrix: Core (Apache Kafka) — CVE-2022-42004 | 2023-04-15
CVE-2023-42004 (HIGH CVSS 8.8) | IBM Security Guardium 11.3 | cvebase.io