Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2022-34336)

2022-09-1407:23:45

www.ibm.com

ibm websphere application server

business monitor

cross-site scripting

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

19.6%

JSON

Summary

IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Business Monitor	8.5.5
IBM Business Monitor	8.5.6
IBM Business Monitor	8.5.7

Remediation/Fixes

Please consult the security bulletin IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336) vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmbusiness_monitorMatch8.5.5

ibmbusiness_monitorMatch8.5.6

ibmbusiness_monitorMatch8.5.7

VendorProductVersionCPE
ibmbusiness_monitor8.5.5cpe:2.3:a:ibm:business_monitor:8.5.5:*:*:*:*:*:*:*
ibmbusiness_monitor8.5.6cpe:2.3:a:ibm:business_monitor:8.5.6:*:*:*:*:*:*:*
ibmbusiness_monitor8.5.7cpe:2.3:a:ibm:business_monitor:8.5.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	business_monitor	8.5.5	cpe:2.3:a:ibm:business_monitor:8.5.5:::::::*
ibm	business_monitor	8.5.6	cpe:2.3:a:ibm:business_monitor:8.5.6:::::::*
ibm	business_monitor	8.5.7	cpe:2.3:a:ibm:business_monitor:8.5.7:::::::*