Improper Neutralization of Formula Elements in a CSV File in IBM Cloud Pak for Business Automation

#VU80821 Improper Neutralization of Formula Elements in a CSV File in IBM Cloud Pak for Business Automation

Published: 2023-09-15

Vulnerability identifier: #VU80821

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35899

CWE-ID: CWE-1236

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM Cloud Pak for Business Automation
Server applications / Other server solutions

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of csv file contents. A remote unauthenticated attacker can execute arbitrary commands on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: All versions

External links
http://www.ibm.com/support/pages/node/7030357

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cloud Pak for Business Automation