Lucene search
HistoryFeb 08, 2023 - 7:15 p.m.
CVE-2022-42438
ibm cloud pak
multicloud management
monitoring
security vulnerability
admin access
url path vulnerability
cve-2022-42438
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.7%
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.
Affected configurations
Node
ibmcloud_pak_for_multicloud_management_monitoringMatch2.0
ORibmcloud_pak_for_multicloud_management_monitoringMatch2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cloud_pak_for_multicloud_management_monitoring | 2.0 | cpe:2.3:a:ibm:cloud_pak_for_multicloud_management_monitoring:2.0:*:*:*:*:*:*:* |
| ibm | cloud_pak_for_multicloud_management_monitoring | 2.3 | cpe:2.3:a:ibm:cloud_pak_for_multicloud_management_monitoring:2.3:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Cloud Pak for Multicloud Management Monitoring",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0, 2.3"
}
]
}
]Related
cvelist
cvelist
prion
prion
Code injection
2023-02-08 19:15:00
nvd
nvd
CVE-2022-42438
2023-02-08 19:15:11
cnvd
cnvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.7%
Related for CVE-2022-42438