Lucene search

IbmVULNRICHMENT:CVE-2022-38714

HistoryFeb 12, 2024 - 5:41 p.m.

CVE-2022-38714 IBM DataStage on Cloud Pak for Data information disclosure

2024-02-1217:41:24

ibm

github.com

ibm datastage

cloud pak for data

sensitive information

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060.

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "DataStage on Cloud Pak for Data",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.6",
        "versionType": "semver",
        "lessThanOrEqual": "4.5.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/235060

www.ibm.com/support/pages/node/6618039

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-38714