CRITICAL🇵🇱 Wersja polska

CVE-2024-29375

CVSS 9.8v3.1pub. 2024-04-04upd. 2026-04-15

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.

🤖 AI Analysis
How it works

The attacker creates a specially crafted .ibnrs file containing malicious data in fields such as Project Description, Identifiers, Custom Triangle Name (in the Input Triangles section), and Yield Curve Name. This data contains formulas or character sequences characteristic of CSV Injection (CWE-1236), which are then interpreted and executed by the application or associated spreadsheet. As a result, arbitrary code can be executed on the victim's computer when they open the infected file.

Impact

Successful exploitation of this vulnerability allows an attacker to remotely execute arbitrary code (RCE) on the victim's system, which may lead to complete system takeover, data theft, or installation of malicious software.

Mitigation & patch

Apply patches available from the vendor according to the references. Additionally, it is recommended to exercise caution when opening .ibnrs files from untrusted sources.

Who is affected

Addactis IBNRS version 3.10.3.107

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References