CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
5.1%
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information and contain weaker than expected security. This has been addressed.
CVEID:CVE-2022-43901
**DESCRIPTION:**IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240829 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-43900
**DESCRIPTION:**IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could provide a weaker than expected security. A local attacker can create an outbound network connection to another system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240827 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
These vulnerabilities affect all versions of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps up to and including 1.4.2.
IBM strongly recommends addressing the vulnerability now by upgrading to 1.4.3 or higher.
Follow https://www.ibm.com/docs/en/ws-automation?topic=installing-validating-installation to confirm the WebSphere Automation operator version.
Follow <https://www.ibm.com/docs/en/ws-automation?topic=installing-updating-websphere-automation> to update the WebSphere Automation operator installation.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_automation_for_ibm_cloud_pak_for_watson_aiops | 1.4.2. | cpe:2.3:a:ibm:websphere_automation_for_ibm_cloud_pak_for_watson_aiops:1.4.2.:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
5.1%