PT-2023-13496 · IBM · IBM Cloud Pak for Data

Andreas Pfefferle +1 · Published 2023-04-26 · Updated 2023-05-04 · CVE-2022-36769

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Cloud Pak for Data versions 4.5 through 4.6

Description

The issue allows a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment.

Recommendations

For versions 4.5 and 4.6, consider restricting file upload capabilities to prevent the processing of malicious files until a patch is available. As a temporary workaround, limit the privileges of users who can upload files to minimize the risk of exploitation.

Fix

Command Injection

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-36769

Affected Products

IBM Cloud Pak for Data