6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.0%
There is a vulnerability in the Spring Framework open source library used by IBM OpenPages with Watson. This affects the IBM OpenPages application server. This vulnerability has been addressed.
CVEID:CVE-2022-22950
**DESCRIPTION:**VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223096 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)
Affected Product(s) | Version(s) |
---|
IBM OpenPages with Watson
|
8.3, 8.2
A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:
Fix | Download URL |
---|
For IBM OpenPages with Watson 8.3
- Apply 8.3 Fix Pack 2 (8.3.0.2) or later
|
<https://www.ibm.com/support/pages/openpages-watson-83-fix-pack-2>
For IBM OpenPages with Watson 8.2
- Upgrade to 8.2 Fix Pack 4 (8.2.0.4)
- Apply Interim Fix 7 (8.2.0.4.7) or later
Or
- Upgrade to 8.2 Fix Pack 5 (8.2.0.5)
|
IBM recommends to use the latest Interim Fix (IF) or Fix Pack. Here is the link for more information:
<https://www.ibm.com/support/pages/openpages-watson-82-fix-list>
For IBM OpenPages with Watson 8.0/8.1 customers, IBM recommends to upgrade to a fixed and supported versions 8.2, 8.3 or9.0 of the product.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm openpages with watson | eq | 8.3 | |
ibm openpages with watson | eq | 8.2 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
34.0%