CVE-2021-29667

Description:
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.

CWE: CWE-1236 CWE-78

CVSS rating
CVSS 2: MEDIUM – 6.8 (Version: 2.0)
CVSS 3: HIGH – 7.8 (Version: 3.1)

Links:

NVD – CVE-2021-29667
CVE – CVE-2021-29667

Link (max. 20) Source Tags
https://www.ibm.com/support/pages/node/6447107 CONFIRM Patch Vendor Advisory VDB Entry
ibm-spectrum-cve202129667-csv-injection (199403) XF VDB Entry Vendor Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-491/ MISC Third Party Advisory VDB Entry Vendor Advisory
[oss-security] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Patch Third Party Advisory
[ofbiz-dev] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Vendor Advisory Vendor Advisory
[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07 MLIST Mailing List Patch Vendor Advisory
[announce] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI MLIST Mailing List Vendor Advisory Vendor Advisory
[announce] 20210427 [CVE-2021-30128] Unsafe deserialization in OFBiz MLIST Mailing List Mitigation Vendor Advisory

Source: NVD – CVE-2021-29667
Date published: 2021-04-27T17:15Z, Date last modified: 2021-05-05T20:34Z