IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/238054 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6852217 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:53
Type | Values Removed | Values Added |
---|---|---|
Summary | IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054. |
10 Jan 2023, 15:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if001:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if001:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if003:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if011:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:20.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if010:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if008:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:20.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if002:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:18.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if004:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if009:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if002:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:19.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if006:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if003:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:19.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if005:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if004:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if004:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if007:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if012:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:20.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if001:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if007:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if003:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:19.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if003:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if005:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if005:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if006:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if004:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:18.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if002:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if001:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:18.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://www.ibm.com/support/pages/node/6852217 - Patch, Vendor Advisory | |
References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/238054 - VDB Entry, Vendor Advisory | |
First Time |
Ibm
Ibm business Automation Workflow |
04 Jan 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-04 00:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-42435
Mitre link : CVE-2022-42435
CVE.ORG link : CVE-2022-42435
JSON object : View
Products Affected
ibm
- business_automation_workflow
CWE
CWE-352
Cross-Site Request Forgery (CSRF)