7.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
0.001 Low
EPSS
Percentile
19.7%
There is a vulnerability in AWS SDK for Java that could allow a directory traversal . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.
CVEID:CVE-2022-31159
**DESCRIPTION:**AWS SDK for Java could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the downloadDirectory method in the AWS S3 TransferManager component. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to write arbitrary files on the system.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231331 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Process Mining | 1.13.0.0 |
Remediation/Fixes guidance:
Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
---|---|---|
IBM Process Mining | 1.13.0.0 |
Upgrade to version 1.13.1
1.Login to PassPortAdvantage
2. Search for
M083FML Process Mining 1.13.1 Server Multiplatform Multilingual
3. Download package
4. Follow install instructions
5. Repeat for M083GML Process Mining 1.13.1 Client Windows Multilingual
| |
None known
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak for automation | eq | 1.13.0.0 |
7.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
0.001 Low
EPSS
Percentile
19.7%