Description
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.
CVSS breakdown
CVSS 3.0
Confidentiality
High
Availability
High
User Interaction
Required
Privileges Required
None
Attack Vector
Local
Integrity
High
Scope
Unchanged
Attack Complexity
High
RL
O
RC
Changed
E
Unchanged
Affected products
- ibm / Spectrum Scale5.0 – 5.0
- ibm / Spectrum Scale5.1 – 5.1
- ibm / Spectrum Scale5.1.0.2 – 5.1.0.2
- ibm / Spectrum Scale5.0.5.6 – 5.0.5.6