CVSS3 Metric | Value |
---|---|
Attack Vector | ADJACENT |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Percentile: 17.7%
IBM WebSphere Application Server is bundled as a component of the IBM Tivoli Business Service Manager dashboard. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
CVEID: CVE-2022-35282
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230809 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Business Service Manager | 6.2.0 |
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Business Service Manager 6.2.0 | IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH47385. |
For IBM WebSphere Application Server traditional:
For V9.0.0.0 through 9.0.5.13:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH47385
--OR--
· Apply Fix Pack 9.0.5.14 or later (targeted availability 4Q2022).
For V8.5.0.0 through 8.5.5.22:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH47385
--OR--
· Apply Fix Pack 8.5.5.23 or later (targeted availability 1Q2023).
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_business_service_manager | 6.2.0 | cpe:2.3:a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:* |