Description
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705.
CVSS breakdown
CVSS 3.0
Availability
High
Attack Vector
Local
User Interaction
None
Attack Complexity
Low
Privileges Required
High
Integrity
High
Scope
Unchanged
Confidentiality
High
RL
O
E
Unchanged
RC
Changed
Affected products
- ibm / cloud_pak_system2.3 – 2.3