Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2022-35282)

2022-09-2907:14:08

www.ibm.com

ibm websphere application server

ibm business monitor

cve-2022-35282

security bulletin

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.7%

JSON

Summary

IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Business Monitor	8.5.5
IBM Business Monitor	8.5.6
IBM Business Monitor	8.5.7

Remediation/Fixes

Please consult the security bulletin IBM WebSphere Application Server is vulnerable to Server-Side Request Forgery (CVE-2022-35282) vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmbusiness_monitorMatch8.5.5

ibmbusiness_monitorMatch8.5.6

ibmbusiness_monitorMatch8.5.7

VendorProductVersionCPE
ibmbusiness_monitor8.5.5cpe:2.3:a:ibm:business_monitor:8.5.5:*:*:*:*:*:*:*
ibmbusiness_monitor8.5.6cpe:2.3:a:ibm:business_monitor:8.5.6:*:*:*:*:*:*:*
ibmbusiness_monitor8.5.7cpe:2.3:a:ibm:business_monitor:8.5.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	business_monitor	8.5.5	cpe:2.3:a:ibm:business_monitor:8.5.5:::::::*
ibm	business_monitor	8.5.6	cpe:2.3:a:ibm:business_monitor:8.5.6:::::::*
ibm	business_monitor	8.5.7	cpe:2.3:a:ibm:business_monitor:8.5.7:::::::*