6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
IBM Business Automation Workflow embedded doucment managaement system is vulnerable to incorrect authorization an attack.
CVEID:CVE-2023-47716
**DESCRIPTION:**IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) | Status |
---|---|---|
IBM Business Automation Workflow containers |
V23.0.1 all fixes
V22.0.2 all fixes
V22.0.1 all fixes
V21.0.3 - V21.0.3-IF027
V21.0.2 all fixes
V20.0.0.2 all fixes
V20.0.0.1 all fixes
| affected
IBM Business Automation Workflow traditional| V23.0.1
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3.1
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3| affected
For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.
The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR DT363581 as soon as practical.
Affected Product(s) | Version(s) | Remediation / Fix |
---|---|---|
IBM Business Automation Workflow containers | V21.0.3 | Apply 21.0.3-IF028 |
or upgrade to 23.0.2 latest iFix or later | ||
IBM Business Automation Workflow containers | V23.0.1 | |
V22.0.1 - V22.0.2 | ||
V21.0.1 - V21.0.2 | ||
V20.0.0.1 - V20.0.0.2 | Upgrade to 21.0.3-IF028 | |
or upgrade to 23.0.2 latest iFix or later | ||
IBM Business Automation Workflow traditional | V21.0.3.1 | Apply DT363581 |
IBM Business Automation Workflow traditional |
V23.0.1
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3.0
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3
V18.0.0.1 - V18.0.0.3
| Upgrade to a long term support release or the latest SSCD version. See IBM Business Automation Workflow and IBM Integration Designer Software Support Lifecycle Addendum
None
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%