CVE-2022-22361

Description

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Related CPE's

aibmbusiness_automation_workflow18.0.0.1*******

aibmbusiness_automation_workflow18.0.0.0*******

aibmbusiness_automation_workflow********

aibmbusiness_automation_workflow20.0.0.1*******

aibmbusiness_automation_workflow20.0.0.2*******

aibmbusiness_process_manager********

aibmbusiness_process_manager********

aibmbusiness_automation_workflow********

References

ibm-baw-cve202222361-csrf (220784)

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6590411

PatchVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

4.300000190734863

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io