IBMD9F42A00B5CC68A1178C9B9D9195D0C4E22D9C5D82248BC8F5CB8A9A6344B942Security Bulletin: Content Collector for Email is affected by a vulnerability found in embedded WebSphere Application Server
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
17.7%
Summary
Embedded WebSphere Application Server is vulnerable to Server-Side Request Forgery
Vulnerability Details
CVEID:CVE-2022-35282
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230809 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Content Collector for Email | 4.0.0, 4.0.1 |
Remediation/Fixes
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| IBM Content Collector for Email | 4.0.1 | Apply Interim Fix 4.0.1.9-IBM-ICC-IF014 |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | content_collector | 4.0.1 | cpe:2.3:a:ibm:content_collector:4.0.1:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
17.7%