CVE-2022-22361

🗓️ 31 May 2022 15:45:13Reported by ibmType

IBM Business Automation Workflow and Process Manager versions 18.0.0.0 through 21.0.3 and 8.5.0.0 through 8.6.0.201803 are vulnerable to Cross-Site Request Forger

Reporter	Title	Published	Views	Family All 10
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2022	20 Jun 202213:10	–	ibm
IBM Security Bulletins	Security Bulletin: Cross-Site Request Forgery vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-22361	27 May 202206:43	–	ibm
ATTACKERKB	CVE-2022-22361	27 May 202200:00	–	attackerkb
Circl	CVE-2022-22361	31 May 202220:23	–	circl
CNNVD	IBM Business Process Manager和IBM Business Automation Workflow 跨站请求伪造漏洞	31 May 202200:00	–	cnnvd
CVE	CVE-2022-22361	31 May 202215:45	–	cve
EUVD	EUVD-2022-27507	3 Oct 202520:07	–	euvd
NVD	CVE-2022-22361	31 May 202216:15	–	nvd
OSV	CVE-2022-22361	31 May 202216:15	–	osv
Prion	Cross site request forgery (csrf)	31 May 202216:15	–	prion

[
  {
    "product": "Business Process Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.6.0.0"
      },
      {
        "status": "affected",
        "version": "8.5.0.0"
      },
      {
        "status": "affected",
        "version": "8.5.0.201706"
      },
      {
        "status": "affected",
        "version": "8.6.0.201803"
      }
    ]
  },
  {
    "product": "Business Automation Workflow",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "18.0.0.0"
      },
      {
        "status": "affected",
        "version": "18.0.0.1"
      },
      {
        "status": "affected",
        "version": "19.0.0.1"
      },
      {
        "status": "affected",
        "version": "19.0.0.3"
      },
      {
        "status": "affected",
        "version": "20.0.0.1"
      },
      {
        "status": "affected",
        "version": "20.0.0.2"
      },
      {
        "status": "affected",
        "version": "21.0.3"
      },
      {
        "status": "affected",
        "version": "21.0.1"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6590411
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/220784

31 May 2022 15:45Current

6.7Medium risk

Vulners AI Score6.7

CVSS 34.3

EPSS0.00329