PT-2023-2524 · IBM · VIOS +1

Tim Brown · Published 2023-04-12 · Updated 2023-05-18 · CVE-2023-28528

CVSS v3.1: 8.4 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

IBM AIX versions 7.1 through 7.3
VIOS version 3.1

Description

The issue exists due to the lack of neutralization of special elements used in the invscout command of the IBM AIX operating system. Exploitation of this issue may allow an attacker to execute arbitrary commands. A non-privileged local user could exploit the vulnerability in the invscout command.

Recommendations

For IBM AIX versions 7.1 through 7.3, consider disabling the invscout command until a patch is available. For VIOS version 3.1, consider disabling the invscout command until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02323
CVE-2023-28528

Affected Products

IBM AIX
VIOS