Cross-Site Request Forgery Vulnerability in IBM WebSphere Automation for Cloud Pak for Watson AIOps
CVE-2022-22493

3.5LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
7 October 2022

Summary

IBM WebSphere Automation for Cloud Pak for Watson AIOps version 1.4.2 has a vulnerability that allows attackers to execute unauthorized commands by exploiting improper cookie attribute settings. This cross-site request forgery (CSRF) flaw poses a risk by potentially allowing malicious actors to perform actions on behalf of authenticated users without their consent.

Affected Version(s)

WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2

References

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.