CVE-2024-43191

HIGH

IBM ManageIQ - Command Injection

Title source: llm

Description

IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7170411

Scores

CVSS v3 7.2

EPSS 0.0023

EPSS Percentile 45.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (9)

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

ibm/cloud_pak_for_multicloud_management_monitoring

Timeline

Published Sep 26, 2024

Tracked Since Feb 18, 2026