CVE-2022-35279

EPSS 0.06%
Published 03.11.2022 20:15:28
Last modified 02.05.2025 21:15:17
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Business Automation Workflow SwEditiontraditional Version >= 18.0.0.0 <= 18.0.0.2

Ibm ≫ Business Automation Workflow SwEditiontraditional Version >= 19.0.0.0 <= 19.0.0.3

Ibm ≫ Business Automation Workflow Version20.0.0.1 SwEditiontraditional

Ibm ≫ Business Automation Workflow Version20.0.0.1 Update- SwEditioncontainers

Ibm ≫ Business Automation Workflow Version20.0.0.2 SwEditiontraditional

Ibm ≫ Business Automation Workflow Version20.0.0.2 Update- SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.1 SwEditiontraditional

Ibm ≫ Business Automation Workflow Version21.0.2 SwEditiontraditional

Ibm ≫ Business Automation Workflow Version21.0.2 Update- SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 SwEditiontraditional

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif002 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif005 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif006 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif007 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif008 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif009 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif010 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version21.0.3 Updateif011 SwEditioncontainers

Ibm ≫ Business Automation Workflow Version22.0.1 SwEditiontraditional

Ibm ≫ Business Automation Workflow Version22.0.1 Update- SwEditioncontainers

Ibm ≫ Business Automation Workflow Version22.0.1 Updateif001 SwEditioncontainers

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.185

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.ibm.com/support/pages/node/6829847

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-35279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-35279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-35279

EUVD