History: Nov 11, 2022 - 6:16 p.m.

CVE-2022-38387

2022-11-11 18:16:00
CWE-78
ibm
www.cve.org
3
ibm cloud pak
security
remote execution
authenticated attacker
command execution

CVSS3: 7.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score: 8.6
Confidence: High

EPSS: 0.002
Percentile: 56.3%

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cloud Pak for Security",
    "vendor": "IBM",
    "versions": [
      {
        "lessThan": "1.10.2.0",
        "status": "affected",
        "version": "1.10.0.0",
        "versionType": "custom"
      }
    ]
  }
]
