IBM Cloud Pak for Multicloud Management Monitoring privilege escalation
CVE-2022-42438

7.5HIGH

Key Information:

Vendor: IBM
Status: Cloud Pak For Multicloud Management Monitoring
Vendor: CVE Published:; 8 February 2023

Summary

An access control vulnerability in IBM Cloud Pak for Multicloud Management versions 2.0 and 2.3 allows unauthorized users to access administrative functionalities by manipulating URL paths. This flaw may lead to significant security risks as users without appropriate permissions could perform sensitive tasks, potentially compromising the integrity and management of the cloud environment.

Affected Version(s)

Cloud Pak for Multicloud Management Monitoring 2.0, 2.3

References

https://www.ibm.com/support/pages/node/6909427

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/238210

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2023
Vulnerability Reserved
Oct 6, 2022