CVE-2023-35899: IBM Cloud Pak for Automation CSV injection
First published: Fri Sep 01 2023(Updated: )
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Business Automation | <=V23.0.1 - V23.0.1-IF001 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF023 | |
| IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-35899?
The severity of CVE-2023-35899 is classified as high due to the potential for remote code execution.
How do I fix CVE-2023-35899?
To fix CVE-2023-35899, ensure you upgrade to the latest version of IBM Cloud Pak for Business Automation that addresses this vulnerability.
Who is affected by CVE-2023-35899?
CVE-2023-35899 affects users of IBM Cloud Pak for Automation versions 18.0.0 to 22.0.2.
What kind of attack is possible with CVE-2023-35899?
CVE-2023-35899 allows a remote attacker to execute arbitrary commands on the system due to CSV injection.
When was CVE-2023-35899 disclosed?
CVE-2023-35899 was disclosed in 2023 as a vulnerability in the IBM Cloud Pak for Automation products.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm cloud pak for business automation
- version/ibm cloud pak for business automation/v23.0.1 - v23.0.1-if001
- version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if023
- version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if006 and later fixes v22.0.1 - v22.0.1-if006 and later fixes v21.0.2 - v21.0.2-if012 and later fixes v21.0.1 - v21.0.1-if007 and later fixes v20.0.1 - v20.0.3 and later fixes v19.0.1 - v19.0.3 and later fixes v18.0.0 - v18.0.2 and later fixes