There is a vulnerability in Apache Tomcat that could allow an attacker to execute XSS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.
CVEID:CVE-2022-42252
**DESCRIPTION:**Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239171 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Process Mining | All |
Remediation/Fixes guidance:
Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
---|---|---|
IBM Process Mining | All |
Upgrade to version 1.13.2
1.Login to PassPortAdvantage
2. Search for
M09PSML Process Mining 1.13.2 Server Multiplatform Multilingual
3. Download package
4. Follow install instructions
5. Repeat for M09PTML
Process Mining 1.13.2 Client Windows Multilingual
None Known
CPE | Name | Operator | Version |
---|---|---|---|
ibm process mining | eq | any |