9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.3%
Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.0
CVEID:CVE-2022-46337
**DESCRIPTION:**Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticator. By sending a specially crafted request, an attacker could exploit this vulnerability to view and corrupt sensitive data and run sensitive database functions and procedures.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271915 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2020-28052
**DESCRIPTION:**Legion of the Bouncy Castle BC Java could allow a remote attacker to bypass security restrictions. The OpenBSDBCrypt.checkPassword utility method compares incorrect data when checking the password. By using brute force techniques, an attacker could exploit this vulnerability to allow incorrect passwords to indicate they were matching with previously hashed ones that were different.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193563 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak for AIOps | 4.1.0 - 4-3.0 |
IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak for aiops | eq | 4.4.0 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.3%