CVE-2019-4521

Description

Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.

CVSS breakdown

CVSS 3.0

User Interaction

Required

Privileges Required

None

Confidentiality

High

Scope

Unchanged

Attack Complexity

High

Availability

High

Attack Vector

Local

Integrity

High

Unchanged

Changed

Affected products

ibm / cloud_pak_system2.3 – 2.3

References

MISChttps://www.ibm.com/support/pages/node/1126605
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/165179