Lucene search

IbmCVELIST:CVE-2022-43900

HistoryDec 01, 2022 - 6:00 p.m.

CVE-2022-43900 IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass

2022-12-0118:00:27

CWE-287

ibm

www.cve.org

ibm websphere

cloud pak

watson aiops

security bypass

cve-2022-43900

ibm x-force

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WebSphere Automation for IBM Cloud Pak for Watson AIOps",
    "vendor": " IBM",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/240827

www.ibm.com/support/pages/node/6842605

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-43900