CVE-2022-42435 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
ibm	CNA	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Vendor	Product	Version
ibm	business_automation_workflow	18.0.0
ibm	business_automation_workflow	18.0.1
ibm	business_automation_workflow	18.0.2
ibm	business_automation_workflow	19.0.1
ibm	business_automation_workflow	19.0.2
ibm	business_automation_workflow	19.0.3
ibm	business_automation_workflow	20.0.1
ibm	business_automation_workflow	20.0.2
ibm	business_automation_workflow	20.0.3
ibm	business_automation_workflow	21.0.1
ibm	business_automation_workflow	21.0.1:if001
ibm	business_automation_workflow	21.0.1:if002
ibm	business_automation_workflow	21.0.1:if003
ibm	business_automation_workflow	21.0.1:if004
ibm	business_automation_workflow	21.0.1:if005
ibm	business_automation_workflow	21.0.1:if006
ibm	business_automation_workflow	21.0.1:if007
ibm	business_automation_workflow	21.0.2
ibm	business_automation_workflow	21.0.2:if001
ibm	business_automation_workflow	21.0.2:if002
ibm	business_automation_workflow	21.0.2:if003
ibm	business_automation_workflow	21.0.2:if004
ibm	business_automation_workflow	21.0.2:if005
ibm	business_automation_workflow	21.0.2:if006
ibm	business_automation_workflow	21.0.2:if007
ibm	business_automation_workflow	21.0.2:if008
ibm	business_automation_workflow	21.0.2:if009
ibm	business_automation_workflow	21.0.2:if010
ibm	business_automation_workflow	21.0.2:if011
ibm	business_automation_workflow	21.0.2:if012
ibm	business_automation_workflow	21.0.3
ibm	business_automation_workflow	21.0.3:if001
ibm	business_automation_workflow	21.0.3:if002
ibm	business_automation_workflow	21.0.3:if003
ibm	business_automation_workflow	21.0.3:if004
ibm	business_automation_workflow	21.0.3:if005
ibm	business_automation_workflow	21.0.3:if006
ibm	business_automation_workflow	21.0.3:if007
ibm	business_automation_workflow	21.0.3:if008
ibm	business_automation_workflow	21.0.3:if009
ibm	business_automation_workflow	21.0.3:if010
ibm	business_automation_workflow	21.0.3:if011
ibm	business_automation_workflow	21.0.3:if012
ibm	business_automation_workflow	21.0.3:if013
ibm	business_automation_workflow	21.0.3:if014
ibm	business_automation_workflow	21.0.3:if015
ibm	business_automation_workflow	22.0.1
ibm	business_automation_workflow	22.0.1:if001
ibm	business_automation_workflow	22.0.1:if002
ibm	business_automation_workflow	22.0.1:if003
ibm	business_automation_workflow	22.0.1:if004
ibm	business_automation_workflow	22.0.1:if005

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/238054

https://www.ibm.com/support/pages/node/6852217

https://exchange.xforce.ibmcloud.com/vulnerabilities/238054

https://www.ibm.com/support/pages/node/6852217