7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.005 Low
EPSS
Percentile
75.9%
IBM UrbanCode Release is affected by CVE-2022-45143
CVEID:CVE-2022-45143
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or description values in the JsonErrorReportValve function. By sending a specially-crafted request, an attacker could exploit this vulnerability to supply values that invalidated or manipulated the JSON output.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243565 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM UrbanCode Release | 6.2.5 - 6.2.5.7 |
IBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Release version 6.2.5.8 or above.
Affected Supporting Product(s)
|
Remediation/Fix
—|—
IBM UrbanCode Release 6.2.5 - 6.2.5.7
|
Download IBM UrbanCode Release 6.2.5.8 – Includes Apache Tomcat 8.5.84
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.005 Low
EPSS
Percentile
75.9%