Lucene search

IbmCVELIST:CVE-2022-38387

HistoryNov 11, 2022 - 6:16 p.m.

CVE-2022-38387

2022-11-1118:16:00

CWE-78

ibm

www.cve.org

ibm cloud pak

security

remote execution

authenticated attacker

command execution

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.3%

JSON

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cloud Pak for Security",
    "vendor": "IBM",
    "versions": [
      {
        "lessThan": "1.10.2.0",
        "status": "affected",
        "version": "1.10.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/233786

www.ibm.com/support/pages/node/6833584

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for CVELIST:CVE-2022-38387