Lucene search

[email protected]NVD:CVE-2022-22326

HistoryAug 01, 2022 - 11:15 a.m.

CVE-2022-22326

2022-08-0111:15:13

CWE-863

[email protected]

web.nvd.nist.gov

ibm

datapower gateway

unauthorized access

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.2%

JSON

IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.

Affected configurations

Nvd

Node

ibmdatapower_gatewayRange10.0.1.0–10.0.1.6

ibmdatapower_gatewayRange10.0.2.0–10.0.5.0

ibmdatapower_gatewayRange2018.4.1.0–2018.4.1.19

Node

ibmmq_appliance_m2002_firmwareRange<9.2.0.5long_term_support

ibmmq_appliance_m2002_firmwareRange<9.2.5continuous_delivery

AND

ibmmq_appliance_m2002Match-

Node

ibmmq_appliance_m2001_firmwareRange<9.2.0.5long_term_support

ibmmq_appliance_m2001_firmwareRange<9.2.5continuous_delivery

AND

ibmmq_appliance_m2001Match-

VendorProductVersionCPE
ibmdatapower_gateway*cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*
ibmmq_appliance_m2002_firmware*cpe:2.3:o:ibm:mq_appliance_m2002_firmware:*:*:*:*:long_term_support:*:*:*
ibmmq_appliance_m2002_firmware*cpe:2.3:o:ibm:mq_appliance_m2002_firmware:*:*:*:*:continuous_delivery:*:*:*
ibmmq_appliance_m2002-cpe:2.3:h:ibm:mq_appliance_m2002:-:*:*:*:*:*:*:*
ibmmq_appliance_m2001_firmware*cpe:2.3:o:ibm:mq_appliance_m2001_firmware:*:*:*:*:long_term_support:*:*:*
ibmmq_appliance_m2001_firmware*cpe:2.3:o:ibm:mq_appliance_m2001_firmware:*:*:*:*:continuous_delivery:*:*:*
ibmmq_appliance_m2001-cpe:2.3:h:ibm:mq_appliance_m2001:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	datapower_gateway	*	cpe:2.3:a:ibm:datapower_gateway::::::::
ibm	mq_appliance_m2002_firmware	*	cpe:2.3:o:ibm:mq_appliance_m2002_firmware:::::long_term_support:::*
ibm	mq_appliance_m2002_firmware	*	cpe:2.3:o:ibm:mq_appliance_m2002_firmware:::::continuous_delivery:::*
ibm	mq_appliance_m2002	-	cpe:2.3:h:ibm:mq_appliance_m2002:-:::::::*
ibm	mq_appliance_m2001_firmware	*	cpe:2.3:o:ibm:mq_appliance_m2001_firmware:::::long_term_support:::*
ibm	mq_appliance_m2001_firmware	*	cpe:2.3:o:ibm:mq_appliance_m2001_firmware:::::continuous_delivery:::*
ibm	mq_appliance_m2001	-	cpe:2.3:h:ibm:mq_appliance_m2001:-:::::::*

References

exchange.xforce.ibmcloud.com/vulnerabilities/218856

www.ibm.com/support/pages/node/6560048

www.ibm.com/support/pages/node/6608598

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

17.2%

JSON

Related for NVD:CVE-2022-22326

cve1 prion1 ibm2 cvelist1