Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0344344C5BC1E5BD76915E58268A7771FE5523A39AC168718FA30C6F4E2E5B5F
HistoryMar 10, 2023 - 6:29 p.m.

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023

2023-03-1018:29:38
www.ibm.com
28
ibm cloud pak for business automation
ifixes
security vulnerabilities
denial of service
snakeyaml
golang go
node.js http-cache-semantics
ibm business automation workflow

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.102

Percentile

95.1%

JSON

Summary

In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF018 and 22.0.2-IF002.

Vulnerability Details

CVEID:CVE-2022-38749
**DESCRIPTION:**SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235313 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-32149
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a specially-crafted Accept-Language header, a remote attacker could exploit this vulnerability to cause ParseAcceptLanguage to take significant time to parse, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238605 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-25881
**DESCRIPTION:**Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input using request header values, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246089 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-22860
**DESCRIPTION:**IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244100 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-25857
**DESCRIPTION:**Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234864 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-38750
**DESCRIPTION:**SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235312 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-38751
**DESCRIPTION:**SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235311 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-38752
**DESCRIPTION:**SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235310 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-41854
**DESCRIPTION:**snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240890 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-42003
**DESCRIPTION:**FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237662 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-42004
**DESCRIPTION:**FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the BeanDeserializer._deserializeFromArray function. By sending a specially-crafted request using deeply nested arrays, a local attacker could exploit this vulnerability to exhaust all available resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237660 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-30633
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Unmarshal in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233146 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-28131
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Decoder.Skip in encoding/xml due to stack exhaustion. By parsing a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233141 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41716
**DESCRIPTION:**Golang Go could allow a remote attacker to bypass security restrictions, caused by improper checking for invalid environment variable values in syscall.StartProcess and os/exec.Cmd. By using a specially-crafted environment variable value, an attacker could exploit this vulnerability to set a value for a different environment variable.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240206 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-3602
**DESCRIPTION:**OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By using a specially-crafted email address, a remote attacker could overflow a buffer and execute arbitrary code or cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239161 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3786
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a stack based buffer overflow during X.509 certificate verification. By using a specially-crafted email address in a certificate, a remote attacker could exploit this vulnerability to cause a TLS client to crash, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239165 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s) Status
IBM Cloud Pak for Business Automation V22.0.2 - V22.0.2-IF001 affected
IBM Cloud Pak for Business Automation V21.0.3 - V21.0.3-IF017 affected
IBM Cloud Pak for Business Automation V22.0.1 - V22.0.1-IF006 and later fixes
V21.0.2 - V21.0.2-IF012 and later fixes
V21.0.1 - V21.0.1-IF007 and later fixes
V20.0.1 - V20.0.3 and later fixes
V19.0.1 - V19.0.3 and later fixes
V18.0.0 - V18.0.2 and later fixes affected

Remediation/Fixes

Any open source library may be included in one or more sub-components of IBM Cloud Pak for Business Automation. Open source updates are not always synchronized across all components. The CVE in this bulletin are specifically addressed by

CVE ID Addressed in component
CVE-2022-3786 Business Automation Studio Component
CVE-2022-25857 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2022-25881 Automation Decision Services Component
CVE-2022-28131 Business Teams Service
CVE-2022-30633 Business Teams Service
CVE-2022-32149 Business Teams Service
CVE-2022-3602 Business Automation Studio Component
CVE-2022-38749 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2022-38750 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2022-38751 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2022-38752 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2022-41716 Business Teams Service
CVE-2022-41854 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2022-42003 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2022-42004 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
CVE-2023-22860 Business Automation Studio Component, Business Automation Workflow Component, Workflow Process Services Component
Affected Product(s) Version(s) Remediation / Fix
IBM Cloud Pak for Business Automation V22.0.2 - V22.0.2-IF002 Apply security fix 22.0.2-IF002
IBM Cloud Pak for Business Automation V21.0.3 - V21.0.3-IF018 Apply security fix 21.0.3-IF018 or upgrade to 22.0.2-IF002
IBM Cloud Pak for Business Automation V21.0.1 - V21.0.1-IF008
V20.0.1 - V20.0.3
V19.0.1 - V19.0.3
V18.0.0 - V18.0.2 Upgrade to 21.0.3-IF018 or 22.0.2-IF002

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_automationMatch18.0.0
OR
ibmcloud_pak_for_automationMatch18.0.1
OR
ibmcloud_pak_for_automationMatch18.0.2
OR
ibmcloud_pak_for_automationMatch19.0.1
OR
ibmcloud_pak_for_automationMatch19.0.2
OR
ibmcloud_pak_for_automationMatch19.0.3
OR
ibmcloud_pak_for_automationMatch20.0.1
OR
ibmcloud_pak_for_automationMatch20.0.2
OR
ibmcloud_pak_for_automationMatch20.0.3
OR
ibmcloud_pak_for_automationMatch21.0.1
OR
ibmcloud_pak_for_automationMatch21.0.2
OR
ibmcloud_pak_for_automationMatch21.0.3
OR
ibmcloud_pak_for_automationMatch22.0.1
OR
ibmcloud_pak_for_automationMatch22.0.2
OR
ibmcloud_pak_for_business_automationMatch18.0.0
OR
ibmcloud_pak_for_business_automationMatch18.0.1
OR
ibmcloud_pak_for_business_automationMatch18.0.2
OR
ibmcloud_pak_for_business_automationMatch19.0.1
OR
ibmcloud_pak_for_business_automationMatch19.0.2
OR
ibmcloud_pak_for_business_automationMatch19.0.3
OR
ibmcloud_pak_for_business_automationMatch20.0.1
OR
ibmcloud_pak_for_business_automationMatch20.0.2
OR
ibmcloud_pak_for_business_automationMatch20.0.3
OR
ibmcloud_pak_for_business_automationMatch21.0.1
OR
ibmcloud_pak_for_business_automationMatch21.0.2
OR
ibmcloud_pak_for_business_automationMatch21.0.3
OR
ibmcloud_pak_for_business_automationMatch22.0.1
OR
ibmcloud_pak_for_business_automationMatch22.0.2
VendorProductVersionCPE
ibmcloud_pak_for_automation18.0.0cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.0:*:*:*:*:*:*:*
ibmcloud_pak_for_automation18.0.1cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.1:*:*:*:*:*:*:*
ibmcloud_pak_for_automation18.0.2cpe:2.3:a:ibm:cloud_pak_for_automation:18.0.2:*:*:*:*:*:*:*
ibmcloud_pak_for_automation19.0.1cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*
ibmcloud_pak_for_automation19.0.2cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*
ibmcloud_pak_for_automation19.0.3cpe:2.3:a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
ibmcloud_pak_for_automation20.0.1cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
ibmcloud_pak_for_automation20.0.2cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*
ibmcloud_pak_for_automation20.0.3cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*
ibmcloud_pak_for_automation21.0.1cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 281

Related

ibm 61
nessus 35
redhat 8
osv 11
suse 2
openvas 20
debian 3
ubuntu 2
gentoo 3
amazon 1
fedora 4
oraclelinux 3
qualysblog 2
kaspersky 2
wizblog 1
rapid7blog 2
rocky 1
ics 3
f5 1
githubexploit 4
fortinet 1
nvidia 1
amd 1
intel 1
hivepro 1
akamaiblog 1
photon 1
checkpoint_advisories 1
cisa 1
freebsd 2
cisco 1
arista 1
talosblog 1
ubuntucve 1
almalinux 1
mageia 1
trellix 4
aix 1
msrc 2
nodejsblog 1
mscve 1
cvelist 1
nvd 1
prion 1
cve 1
ibm
ibm
Security Bulletin: Multiple security vulnerabilities are reported for snakeyaml and jackson-databind in IBM Business Automation Workflow
2023-02-28 07:40:58
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service due to the package org.yaml:snakeyaml and jackson-databind
2022-12-20 16:55:05
Security Bulletin: Multiple Vulnerabilities in java packages affect IBM Voice Gateway
2022-10-21 20:22:51
nessus
nessus
RHEL 7 : snakeyaml (Unpatched Vulnerability)
2024-05-11 00:00:00
Debian DLA-3132-1 : snakeyaml - LTS security update
2022-10-03 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : SnakeYAML vulnerabilities (USN-5944-1)
2023-03-10 00:00:00
redhat
redhat
(RHSA-2022:8876) Moderate: Red Hat AMQ Broker 7.10.2 release and security update
2022-12-07 08:18:33
(RHSA-2022:6757) Important: Red Hat build of Eclipse Vert.x 4.3.3 security update
2022-10-05 14:48:34
(RHSA-2022:8524) Important: Red Hat Data Grid 8.4.0 security update
2022-11-17 13:38:03
osv
osv
snakeyaml vulnerabilities
2023-03-10 10:18:12
snakeyaml - security update
2022-10-02 00:00:00
Important: openssl security update
2022-11-01 18:25:07
suse
suse
Security update for snakeyaml (important)
2022-09-26 00:00:00
Security update for openssl-3 (critical)
2022-11-01 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3132-1)
2022-10-05 00:00:00
Ubuntu: Security Advisory (USN-5944-1)
2023-03-13 00:00:00
openSUSE: Security Advisory for snakeyaml (SUSE-SU-2022:3397-1)
2022-09-27 00:00:00
debian
debian
[SECURITY] [DLA 3132-1] snakeyaml security update
2022-10-02 22:06:40
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
ubuntu
ubuntu
SnakeYAML vulnerabilities
2023-03-10 00:00:00
OpenSSL vulnerabilities
2022-11-01 00:00:00
gentoo
gentoo
snakeyaml: Multiple Vulnerabilities
2023-05-21 00:00:00
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
OpenSSL: Multiple Vulnerabilities
2022-11-01 00:00:00
amazon
amazon
Medium: snakeyaml
2024-01-03 21:04:00
fedora
fedora
[SECURITY] Fedora 36 Update: snakeyaml-1.32-1.fc36
2022-12-21 01:18:24
[SECURITY] Fedora 37 Update: snakeyaml-1.32-1.fc37
2022-12-21 01:29:20
[SECURITY] Fedora 37 Update: openssl-3.0.5-3.fc37
2022-11-02 02:01:31
oraclelinux
oraclelinux
openssl security update
2022-11-17 00:00:00
openssl security update
2022-11-01 00:00:00
openssl security update
2022-11-01 00:00:00
qualysblog
qualysblog
Qualys Research Alert: OpenSSL 3.0.7 – What You Need To Know
2022-10-31 14:15:52
OpenSSL Vulnerability Recap
2022-11-03 17:00:00
kaspersky
kaspersky
KLA20037 Multiple vulnerabilities in Microsoft Open Source Software
2022-11-02 00:00:00
KLA20036 Multiple vulnerabilities in Microsoft Azure
2022-11-02 00:00:00
wizblog
wizblog
OpenSSL vulnerabilities: Everything you need to know
2022-10-29 04:11:46
rapid7blog
rapid7blog
Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
2022-11-11 13:41:22
CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed
2022-11-01 16:38:53
rocky
rocky
openssl security update
2022-11-01 18:25:07
ics
ics
Hitachi Energy PCU400
2023-01-19 12:00:00
Siemens Products affected by OpenSSL 3.0
2022-12-15 12:00:00
Hitachi Energy Lumada Asset Performance Management
2023-01-05 12:00:00
f5
f5
OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602
2022-10-28 17:31:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Openssl
2022-10-30 23:32:56
Exploit for Out-of-bounds Write in Openssl
2022-11-02 09:29:04
Exploit for Out-of-bounds Write in Openssl
2022-10-28 09:51:41
fortinet
fortinet
Protect
2022-10-28 00:00:00
nvidia
nvidia
Security Notice: NVIDIA Response to OpenSSL Vulnerabilities - November 2022
2022-11-01 00:00:00
amd
amd
OpenSSL Vulnerabilities
2023-08-08 00:00:00
intel
intel
Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory
2023-02-02 00:00:00
hivepro
hivepro
Patch available for pre-announced Critical Vulnerability in OpenSSL
2022-11-02 07:27:54
akamaiblog
akamaiblog
An update on the impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on Akamai's systems
2022-11-07 10:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0272
2022-11-02 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)
2022-11-03 00:00:00
cisa
cisa
OpenSSL Releases Security Update
2022-11-01 00:00:00
freebsd
freebsd
OpenSSL -- Buffer overflows in Email verification
2022-11-01 00:00:00
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
cisco
cisco
Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
2022-10-28 16:00:00
arista
arista
Security Advisory 0081
2022-11-01 00:00:00
talosblog
talosblog
Threat Advisory: High Severity OpenSSL Vulnerabilities
2022-11-01 19:03:49
ubuntucve
ubuntucve
CVE-2022-3786
2022-11-01 00:00:00
almalinux
almalinux
Important: openssl security update
2022-11-01 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
trellix
trellix
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602
2022-11-01 00:00:00
CVE-2023-0286: The OpenSSL Who Cried “Severity: High
2023-02-09 00:00:00
OpenSSL 3.0 Vulnerabilities: CVE 2022-3786 and CVE 2022-3602
2022-11-01 00:00:00
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2023-01-24 09:22:21
msrc
msrc
Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
2022-11-02 07:00:00
Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
2022-11-02 07:00:00
nodejsblog
nodejsblog
Nov 3 2022 Security Releases
2022-11-01 00:00:00
mscve
mscve
OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun
2022-11-02 07:00:00
cvelist
cvelist
CVE-2023-22860 IBM Cloud Pak for Business Automation cross-site scripting
2023-02-27 14:23:44
nvd
nvd
CVE-2023-22860
2023-02-27 15:15:11
prion
prion
Cross site scripting
2023-02-27 15:15:00
cve
cve
CVE-2023-22860
2023-02-27 15:15:11

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.102

Percentile

95.1%

JSON
Related for 0344344C5BC1E5BD76915E58268A7771FE5523A39AC168718FA30C6F4E2E5B5F
ibm61nessus35redhat8osv11suse2openvas20debian3ubuntu2gentoo3amazon1fedora4oraclelinux3qualysblog2kaspersky2wizblog1rapid7blog2rocky1ics3f51githubexploit4fortinet1nvidia1amd1intel1hivepro1akamaiblog1photon1checkpoint_advisories1cisa1freebsd2cisco1arista1talosblog1ubuntucve1almalinux1mageia1trellix4aix1msrc2nodejsblog1mscve1cvelist1nvd1prion1cve1