Improper Input Validation in IBM Cloud Pak for Security
CVE-2022-38385

7.1HIGH

Key Information:

Vendor
IBM
Status
Cloud Pak For Security
Vendor
CVE Published:
15 November 2022

Summary

IBM Cloud Pak for Security versions 1.10.0.0 to 1.10.2.0 are susceptible to a vulnerability that stems from improper input validation, allowing authenticated users to access highly sensitive information or execute unauthorized actions. This flaw can lead to significant security risks for organizations utilizing this platform.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 < 1.10.2.0

References

https://www.ibm.com/support/pages/node/6833586
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/233777
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.