CVE-2023-22877: IBM InfoSphere Information Server CSV injection
First published: Mon Aug 28 2023(Updated: )
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.
Credit: psirt@us.ibm.com psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Infosphere Information Server | >=11.7.0.0<11.7.1.0 | |
| Ibm Infosphere Information Server | >=11.7.0.0<11.7.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-22877.
What is the severity level of CVE-2023-22877?
The severity level of CVE-2023-22877 is high.
What is the affected software for CVE-2023-22877?
The affected software for CVE-2023-22877 is IBM InfoSphere Information Server 11.7.
How does CVE-2023-22877 impact the system?
CVE-2023-22877 allows a remote attacker to execute arbitrary commands on the system through improper validation of csv file contents.
How can I fix CVE-2023-22877?
To fix CVE-2023-22877, it is recommended to apply the necessary security updates provided by IBM.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/ibm
- canonical/ibm infosphere information server
- version/ibm infosphere information server/11.7.0.0