First published: Fri Jun 07 2024(Updated: )
IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Engineering Lifecycle Optimization | <=7.0.3 | |
IBM | <=undefined | |
All of | ||
Any of | ||
IBM Engineering Lifecycle Optimization | =7.0.2 | |
IBM Engineering Lifecycle Optimization | =7.0.3 | |
Any of | ||
Linux Kernel | ||
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-45188 is classified as a critical vulnerability due to the potential for remote file uploads by an attacker.
To mitigate CVE-2023-45188, update IBM Engineering Lifecycle Optimization - Publishing to a version higher than 7.0.3 or apply vendor-recommended patches.
CVE-2023-45188 allows attackers to upload arbitrary files, which could lead to remote code execution or unauthorized access to systems.
CVE-2023-45188 affects IBM Engineering Lifecycle Optimization - Publishing versions up to and including 7.0.3 and IBM 7.0.2.
CVE-2023-45188 may be exploitable without authentication, depending on the application's configuration and security controls.