CVE-2022-43900 – IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass
https://notcve.org/view.php?id=CVE-2022-43900
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827. IBM WebSphere Automation para IBM Cloud Pak para Watson AIOps 1.4.2 podría proporcionar una seguridad más débil de lo esperado. Un atacante local puede crear una conexión de red saliente a otro sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/240827 https://www.ibm.com/support/pages/node/6842605 • CWE-287: Improper Authentication •
CVE-2022-38710 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-38710
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. "IBM Robotic Process Automation 21.0.1 y 21.0.2 podrían revelar información confidencial de la versión que podría ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292". IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234292 https://www.ibm.com/support/pages/node/6831681 • CWE-312: Cleartext Storage of Sensitive Information CWE-319: Cleartext Transmission of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2022-42442 – IBM Robotic Process Automation for Cloud Pak information disclosure
https://notcve.org/view.php?id=CVE-2022-42442
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. IBM Robotic Process Automation para Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4 y 21.0.5 es vulnerable a la exposición de la dirección de correo electrónico del propietario del primer inquilino a los usuarios con acceso a la plataforma de contenedores. ID de IBM X-Force: 238214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238214 https://www.ibm.com/support/pages/node/6831787 •
CVE-2022-43574
https://notcve.org/view.php?id=CVE-2022-43574
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4 y 21.0.5 es vulnerable a una asignación de permisos incorrecta que podría permitir el acceso a las configuraciones de la aplicación. ID de IBM X-Force: 238679". • https://www.ibm.com/support/pages/node/6831645 • CWE-276: Incorrect Default Permissions •
CVE-2022-22493
https://notcve.org/view.php?id=CVE-2022-22493
IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. IBM WebSphere Automation for Cloud Pak for Watson AIOps versión 1.4.2, es vulnerable a un ataque de tipo cross-site request forgery, causada por la configuración inapropiada de los atributos de las cookies. IBM X-Force ID: 226449 • https://exchange.xforce.ibmcloud.com/vulnerabilities/226449 https://www.ibm.com/support/pages/node/6826727 • CWE-352: Cross-Site Request Forgery (CSRF) •