Cross-Site Request Forgery Vulnerability in IBM WebSphere Automation for Cloud Pak for Watson AIOps
CVE-2022-22493
3.5LOW
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 7 October 2022
Summary
IBM WebSphere Automation for Cloud Pak for Watson AIOps version 1.4.2 has a vulnerability that allows attackers to execute unauthorized commands by exploiting improper cookie attribute settings. This cross-site request forgery (CSRF) flaw poses a risk by potentially allowing malicious actors to perform actions on behalf of authenticated users without their consent.
Affected Version(s)
WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2
References
CVSS V3.1
Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved