History: Sep 27, 2022 - 10:09 p.m.

Security Bulletin: A Security Vulnerability was fixed in IBM Application Gateway.

2022-09-27 22:09:31
www.ibm.com

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 19.6%

Summary

IBM Security Application Gateway is vulnerable to cross-site scripting. This has been fixed in IBM Application Gateway 22.07.

Vulnerability Details

CVEID: CVE-2022-22387
**DESCRIPTION:** IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s): IBM Application Gateway
Version(s): 1.0

Remediation/Fixes

To resolve this vulnerability, a customer needs to pull the fix from Docker at <https://hub.docker.com/r/ibmcom/ibm-application-gateway> to update to the latest version.

The command is:

docker pull ibmcom/ibm-application-gateway

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm application_gateway, Match 1.0
CPE Name: ibm application gateway
Operator: eq
Version: 1.0
