Cross-Site Request Forgery in IBM Business Automation Workflow and Process Manager
CVE-2022-22361
4.3 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 31 May 2022
Summary
IBM Business Automation Workflow and Business Process Manager are vulnerable to cross-site request forgery (CSRF), which exposes users to the risk of an attacker executing unauthorized commands on their behalf. A successful exploit could allow malicious actions to be performed from trusted accounts without proper authorization.
Affected Version(s)
Business Automation Workflow 18.0.0.0
Business Automation Workflow 18.0.0.1
Business Automation Workflow 19.0.0.1
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved