CVE-2022-42435

Опубликовано: 04 янв. 2023

Источник: nvd

CVSS3: 4.3

CVSS3: 8.8

EPSS Низкий

Описание

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/238054
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6852217
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/238054
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6852217
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_automation_workflow:18.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:18.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:18.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:19.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:19.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:20.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:20.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:20.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if001:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if002:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if003:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if004:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if005:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if006:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if007:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if001:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if002:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if003:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if004:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if005:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if006:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if007:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if008:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if009:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if010:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if011:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if012:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if001:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if003:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if004:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if001:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if002:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if003:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if004:*:*:*:*:*:*

cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if005:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00109

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-q38h-5r99-h68w

CVSS3: 8.8

github

около 3 лет назад

EPSS

Процентиль: 30%

0.00109

Низкий

4.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352