IBM Business Automation Workflow information disclosure
CVE-2022-43864

7.5 HIGH

Key Information:

Vendor: IBM
CVE Published: 26 January 2023

Summary

IBM Business Automation Workflow version 22.0.2 is susceptible to a directory traversal vulnerability: an attacker can manipulate URL requests using 'dot dot' sequences (/../) to view arbitrary files on the system without authorization, potentially exposing sensitive information. Proper input validation and safeguarding techniques are essential to mitigate the risk posed by this vulnerability.

Affected Version(s)

Business Monitor 8.5.5, 8.5.6, 8.5.7

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
