CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
19.6%
IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and is vulnerable to cross-site scripting in the Admin Console. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli System Automation Application Manager | 4.1 |
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
IBM Tivoli System Automation Application Manager 4.1 | WebSphere Application Server 8.5 | Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336) |
IBM Tivoli System Automation Application Manager 4.1 | WebSphere Application Server 9.0 | Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336) |
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
19.6%