Vulnerability Database

290,301

Total vulnerabilities in the database

CVE-2023-35899

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

  • Published: Mar 21, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2023-35899
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_003 21.0.3-interim_fix_003.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_006 21.0.3-interim_fix_006.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_005 21.0.3-interim_fix_005.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_001 21.0.3-interim_fix_001.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_007 21.0.3-interim_fix_007.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_004 21.0.3-interim_fix_004.x
ibm / cloud_pak_for_business_automation 21.0.3 21.0.3.x
ibm / cloud_pak_for_business_automation 18.0.0 18.0.0.x
ibm / cloud_pak_for_business_automation 18.0.2 18.0.2.x
ibm / cloud_pak_for_business_automation 19.0.1 19.0.1.x
ibm / cloud_pak_for_business_automation 19.0.3 19.0.3.x
ibm / cloud_pak_for_business_automation 20.0.1 20.0.1.x
ibm / cloud_pak_for_business_automation 20.0.3 20.0.3.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_002 21.0.3-interim_fix_002.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_008 21.0.3-interim_fix_008.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_009 21.0.3-interim_fix_009.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_010 21.0.3-interim_fix_010.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_011 21.0.3-interim_fix_011.x
ibm / cloud_pak_for_business_automation 18.0.1 18.0.1.x
ibm / cloud_pak_for_business_automation 19.0.2 19.0.2.x
ibm / cloud_pak_for_business_automation 20.0.2 20.0.2.x
ibm / cloud_pak_for_business_automation 21.0.1 21.0.1.x
ibm / cloud_pak_for_business_automation 21.0.2 21.0.2.x
ibm / cloud_pak_for_business_automation 22.0.1 22.0.1.x
ibm / cloud_pak_for_business_automation 22.0.2 22.0.2.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_023 21.0.3-interim_fix_023.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_012 21.0.3-interim_fix_012.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_013 21.0.3-interim_fix_013.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_014 21.0.3-interim_fix_014.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_015 21.0.3-interim_fix_015.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_016 21.0.3-interim_fix_016.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_017 21.0.3-interim_fix_017.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_018 21.0.3-interim_fix_018.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_019 21.0.3-interim_fix_019.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_020 21.0.3-interim_fix_020.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_021 21.0.3-interim_fix_021.x
ibm / cloud_pak_for_business_automation 21.0.3-interim_fix_022 21.0.3-interim_fix_022.x
ibm / cloud_pak_for_business_automation 23.0.1 23.0.1.x
ibm / cloud_pak_for_business_automation 23.0.1-interim_fix_001 23.0.1-interim_fix_001.x