CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
29.5%
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery. This has been addressed.
CVEID:CVE-2022-22493
**DESCRIPTION:**IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery, caused by improper cookie attribute setting.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226449 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
These vulnerabilities affect all versions of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps up to and including 1.4.2.
IBM strongly recommends addressing the vulnerability now by upgrading to 1.4.3 or higher.
Follow https://www.ibm.com/docs/en/ws-automation?topic=installing-validating-installation to confirm the WebSphere Automation operator version.
Follow <https://www.ibm.com/docs/en/ws-automation?topic=installing-updating-websphere-automation> to update the WebSphere Automation operator installation.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_automation_for_ibm_cloud_pak_for_watson_aiops | 1.4.2. | cpe:2.3:a:ibm:websphere_automation_for_ibm_cloud_pak_for_watson_aiops:1.4.2.:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
29.5%