PT-2023-13496 · IBM · IBM Cloud Pak for Data

Andreas Pfefferle +1 · Published 2023-04-26 · Updated 2023-05-04 · CVE-2022-36769

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Data versions 4.5 through 4.6

Description: The issue allows a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment.

Recommendations: For versions 4.5 and 4.6, consider restricting file upload capabilities to prevent the processing of malicious files until a patch is available. As a temporary workaround, limit the privileges of users who can upload files to minimize the risk of exploitation.

Fix

Command Injection

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2022-36769

Affected Products: IBM Cloud Pak for Data