Remote Code Execution Vulnerability in IBM Cloud Pak for Security
CVE-2022-38387

7.1HIGH

Key Information:

Vendor: IBM
Status: Cloud Pak For Security
Vendor: CVE Published:; 11 November 2022

What is CVE-2022-38387?

IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.2.0 are vulnerable to a remote code execution exploit. An attacker with remote authenticated access can craft specific requests that allow the execution of arbitrary commands on the system. This vulnerability poses significant risks to system integrity and sensitive data management, prompting users to ensure timely updates and apply necessary security measures.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 < 1.10.2.0

References

https://www.ibm.com/support/pages/node/6833584

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/233786

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2022
Vulnerability Reserved
Aug 16, 2022

JSON