PT-2024-22567 · IBM · IBM WebSphere Automation

Published: 2024-05-01 · Updated: 2025-03-21 · CVE-2024-28764

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Automation version 1.7.0

Description

The issue allows an attacker with privileged access to the network to conduct a CSV injection, potentially executing arbitrary commands on the system. This is caused by improper validation of CSV file contents.

Recommendations

For IBM WebSphere Automation version 1.7.0, as a temporary workaround, consider restricting access to the CSV file contents until a patch is available. Additionally, assess the impact of the vulnerability and prioritize patching to mitigate the risk of remote attack.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-28764

Affected Products

IBM WebSphere Automation