How severe is CVE-2023-35899?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-35899?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2023-35899

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-1236

View all →

Vulnerability Description

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

CVE-2018-11652

CRITICAL

CVSS:9.8(Critical)

CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV re...

CWE-12362018

CVE-2018-20752

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a us...

CWE-12362018

CVE-2018-8092

CRITICAL

CVSS:9.8(Critical)

Mautic before 2.13.0 allows CSV injection.

CWE-12362018

CVE-2019-0403

CRITICAL

CVSS:9.8(Critical)

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

CWE-12362019