Описание
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:ibm:websphere_automation:1.7.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00069
Низкий
6.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-1236
CWE-1236
Связанные уязвимости
CVSS3: 6.5
github
почти 2 года назад
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623.
EPSS
Процентиль: 22%
0.00069
Низкий
6.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-1236
CWE-1236