fkie_nvd - fkie_cve-2022-35279

fkie_cve-2022-35279

Vulnerability from fkie_nvd

Published

2022-11-03 20:15

Modified

2025-05-02 21:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."

References

▶	URL	Tags
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6829847	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6829847	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	business_automation_workflow	*
ibm	business_automation_workflow	*
ibm	business_automation_workflow	20.0.0.1
ibm	business_automation_workflow	20.0.0.1
ibm	business_automation_workflow	20.0.0.2
ibm	business_automation_workflow	20.0.0.2
ibm	business_automation_workflow	21.0.1
ibm	business_automation_workflow	21.0.2
ibm	business_automation_workflow	21.0.2
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	22.0.1
ibm	business_automation_workflow	22.0.1
ibm	business_automation_workflow	22.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "EBA0D501-8535-4CAF-BFAD-88AC5E1FBA03",
              "versionEndIncluding": "18.0.0.2",
              "versionStartIncluding": "18.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "9BBBCE4C-7230-4CF5-A9BA-1BB8F479E433",
              "versionEndIncluding": "19.0.0.3",
              "versionStartIncluding": "19.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:-:*:*:containers:*:*:*",
              "matchCriteriaId": "824ACC07-E351-437A-9FAB-7F2E47DE9205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:-:*:*:containers:*:*:*",
              "matchCriteriaId": "485FFABA-EF59-4C36-8B6E-E32A99C02381",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "83966976-3307-4B4C-AE62-7BF040BEF0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "B2A3E3AF-14A2-44E6-A17F-ACD63B010E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:-:*:*:containers:*:*:*",
              "matchCriteriaId": "EB656C4F-19FC-4763-93C8-940A2B38B729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "D1DC801A-0F25-48D2-8465-31B5A0939EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*",
              "matchCriteriaId": "00F5E82D-712A-4AB2-B0B2-BF03507D17D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*",
              "matchCriteriaId": "0063E78F-2978-43F6-884D-B375E1111E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*",
              "matchCriteriaId": "CF6317BE-98DF-4A46-9F5B-326177D6AD68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*",
              "matchCriteriaId": "72A22C4B-AAF2-4A84-AF39-C1C396031D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*",
              "matchCriteriaId": "39015A02-D36E-4CC9-A5E3-877DFD923ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*",
              "matchCriteriaId": "19586E74-8802-4C09-A240-D698EE30C570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*",
              "matchCriteriaId": "4B06D109-E327-4A2A-9FC9-A5F454022C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*",
              "matchCriteriaId": "E67BEF93-133E-4507-B938-79D943AB82CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
              "matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*",
              "matchCriteriaId": "69B77521-AF61-4711-9219-12D6DADB6F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if001:*:*:containers:*:*:*",
              "matchCriteriaId": "E2AEA4BA-C309-4069-9226-B86C1B68F93C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.\""
    },
    {
      "lang": "es",
      "value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3 y 22.0.1 podr\u00edan revelar informaci\u00f3n confidencial de la versi\u00f3n a usuarios autenticados que podr\u00eda usarse en futuros ataques contra el sistema. IBM X-Force ID: 230537.\""
    }
  ],
  "id": "CVE-2022-35279",
  "lastModified": "2025-05-02T21:15:17.870",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-03T20:15:28.853",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6829847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6829847"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2022-35279 (GCVE-0-2022-35279)

Vulnerability from cvelistv5

Published

2022-11-03 00:00

Modified

2025-05-02 20:22

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

Information Disclosure

Summary

References

►

URL

Tags

https://www.ibm.com/support/pages/node/6829847