CVE-2022-35279

EUVD-2022-38169
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
ibmbusiness_automation_workflow
18.0.0.0 ≤
𝑥
≤ 18.0.0.2
ibmbusiness_automation_workflow
19.0.0.0 ≤
𝑥
≤ 19.0.0.3
ibmbusiness_automation_workflow
20.0.0.1
ibmbusiness_automation_workflow
20.0.0.1
ibmbusiness_automation_workflow
20.0.0.2
ibmbusiness_automation_workflow
20.0.0.2
ibmbusiness_automation_workflow
21.0.1
ibmbusiness_automation_workflow
21.0.2
ibmbusiness_automation_workflow
21.0.2
ibmbusiness_automation_workflow
21.0.3
ibmbusiness_automation_workflow
21.0.3:if002
ibmbusiness_automation_workflow
21.0.3:if005
ibmbusiness_automation_workflow
21.0.3:if006
ibmbusiness_automation_workflow
21.0.3:if007
ibmbusiness_automation_workflow
21.0.3:if008
ibmbusiness_automation_workflow
21.0.3:if009
ibmbusiness_automation_workflow
21.0.3:if010
ibmbusiness_automation_workflow
21.0.3:if011
ibmbusiness_automation_workflow
22.0.1
ibmbusiness_automation_workflow
22.0.1
ibmbusiness_automation_workflow
22.0.1:if001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/6829847
https://www.ibm.com/support/pages/node/6829847