History: Jan 24, 2023 - 8:20 a.m.

Security Bulletin: Path traversal vulnerability affects IBM Business Monitor - CVE-2022-43864

2023-01-24 08:20:32
www.ibm.com
ibm business monitor
path traversal
vulnerability
cve-2022-43864
ibm business automation workflow
interim fix

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 50.2%

Summary

IBM Business Monitor is vulnerable to a Path Traversal attack in the Business Space component.

Vulnerability Details

**CVEID:** CVE-2022-43864
**DESCRIPTION:** IBM Business Automation Workflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/239427 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Business Monitor | 8.5.5 |
| IBM Business Monitor | 8.5.6 |
| IBM Business Monitor | 8.5.7 |

Remediation/Fixes

The recommended solution is to apply the Interim Fix (iFix) containing the APAR DT172088 as soon as practical.

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm business_monitor (match 8.5.5) OR ibm business_monitor (match 8.5.6) OR ibm business_monitor (match 8.5.7)
