CVE-2023-45188

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 through 7.0.3

Description The issue is caused by the improper validation of file extensions, allowing a remote attacker to upload arbitrary files. By sending a specially crafted request, a remote attacker could exploit this to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.

Recommendations For versions 7.0.2 and 7.0.3, update to a version that includes the fix for the improper validation of file extensions to prevent remote attackers from uploading arbitrary files. As a temporary workaround, consider restricting access to file upload functionality until a patch is available.