Lucene search

IbmCVELIST:CVE-2022-36777

HistoryNov 22, 2023 - 6:28 p.m.

CVE-2022-36777 IBM Cloud Pak for Security information disclosure

2023-11-2218:28:11

CWE-200

ibm

www.cve.org

ibm cloud pak

security

information disclosure

vulnerability

ibm qradar suite software

authenticated user

sensitive information

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.1%

JSON

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cloud Pak for Security",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "1.10.11.0",
        "status": "affected",
        "version": "1.10.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QRadar Suite Software",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "1.10.16.0",
        "status": "affected",
        "version": "1.10.12.0",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/233665

www.ibm.com/support/pages/node/7080058

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.1%

JSON

Related for CVELIST:CVE-2022-36777