Oct 17, 2022 - 10:06 a.m.

Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow - CVE-2022-35279

2022-10-17 10:06:00
www.ibm.com
ibm business automation workflow
information disclosure
vulnerability
cve-2022-35279
security fix
ibm support
system upgrade
interim fix
cumulative fix

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 19.7%

Summary

IBM Business Automation Workflow is vulnerable to an information disclosure attack.

Vulnerability Details

CVEID: CVE-2022-35279
**DESCRIPTION:** IBM Business Automation Workflow could disclose sensitive version information to authenticated users which could be used in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230537 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) | Status | Note |
| --- | --- | --- | --- |
| IBM Business Automation Workflow containers | V22.0.1 - V22.0.1-IF001; V21.0.3 - V21.0.3-IF011; V21.0.2 all fixes; V20.0.0.2 all fixes; V20.0.0.1 all fixes | affected | |
| IBM Business Automation Workflow traditional | V22.0.1; V21.0.1 - V21.0.3.x; V20.0.0.1 - V20.0.0.2; V19.0.0.1 - V19.0.0.3; V18.0.0.0 - V18.0.0.2 | affected | Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed. |

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Remediation/Fixes

The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR65035 as soon as practical.

| Affected Product(s) | Version(s) | Remediation / Fix |
| --- | --- | --- |
| IBM Business Automation Workflow containers | V22.0.1 | Apply 22.0.1-IF002 |
| IBM Business Automation Workflow containers | V21.0.3 | Apply 21.0.3-IF012 or upgrade to 22.0.1-IFTODO or later |
| IBM Business Automation Workflow containers | V21.0.2; V20.0.0.1 - V20.0.0.2 | Upgrade to 21.0.3-IF012 or upgrade to 22.0.1-IF002 or later |
| IBM Business Automation Workflow traditional | V22.0.1 | Apply JR65035 |
| IBM Business Automation Workflow traditional | V21.0.3 | Apply JR65035 (included in 21.0.3.1) or upgrade to IBM Business Automation Workflow 22.0.1 or later |
| IBM Business Automation Workflow traditional | V21.0.2 | Upgrade to IBM Business Automation Workflow 21.0.3 and apply JR65035 or upgrade to IBM Business Automation Workflow 22.0.1 or later |
| IBM Business Automation Workflow traditional | V20.0.0.2 | Apply JR64828 or upgrade to IBM Business Automation Workflow 22.0.1 or later |
| IBM Business Automation Workflow traditional | V20.0.0.1 | Upgrade to IBM Business Automation Workflow v20.0.0.2 and apply JR65035 or upgrade to IBM Business Automation Workflow 22.0.1 or later |
| IBM Business Automation Workflow traditional | V19.0.0.3 | Apply JR64828 or upgrade to IBM Business Automation Workflow 22.0.1 or later |
| IBM Business Automation Workflow traditional | V18.0.0.1 - V18.0.0.2; V19.0.0.1 - V19.0.0.2 | Upgrade to IBM Business Automation Workflow 19.0.0.3 and apply JR65035 or upgrade to IBM Business Automation Workflow 22.0.1 or later |
| IBM Business Automation Workflow traditional | V18.0.0.0 | Apply JR64828 or upgrade to IBM Business Automation Workflow 22.0.1 or later |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm business_automation_workflow Match 18.0.0.0
OR
ibm business_automation_workflow Match 18.0.0.1
OR
ibm business_automation_workflow Match 18.0.0.2
OR
ibm business_automation_workflow Match 19.0.0.1
OR
ibm business_automation_workflow Match 19.0.0.2
OR
ibm business_automation_workflow Match 19.0.0.3
OR
ibm business_automation_workflow Match 20.0.0.1
OR
ibm business_automation_workflow Match 20.0.0.2
OR
ibm business_automation_workflow Match 21.0.2
OR
ibm business_automation_workflow Match 21.0.3
OR
ibm business_automation_workflow Match 22.0.1

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | business_automation_workflow | 18.0.0.0 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 18.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 18.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 19.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.1:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 19.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.2:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 19.0.0.3 | cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 20.0.0.1 | cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 20.0.0.2 | cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 21.0.2 | cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:*:*:*:* |
| ibm | business_automation_workflow | 21.0.3 | cpe:2.3:a:ibm:business_automation_workflow:21.0.3:*:*:*:*:*:*:* |
