6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
62.2%
IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
CVEID:CVE-2022-1996
**DESCRIPTION:**go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS Filter feature. By sending a specially-crafted request using the AllowedDomains parameter, an attacker could exploit this vulnerability to break CORS policy and allow any page to make requests.
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228317 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Edge Application Manager | 4.4 |
IBM Edge Application Manager | 4.3 |
The fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.
None
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
62.2%