CVE-2022-22361

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

IBM Business Automation Workflow tradicional versiones 21.0.1 hasta 21.0.3, 20.0.0.1 hasta 20.0.0.2, 19.0.0.1 hasta 19.0.0.3, 18.0.0.0 hasta 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 hasta 20.0.0. 2, IBM Business Process Manager 8.6.0.0 hasta 8.6.0.201803, y 8.5.0.0 hasta 8.5.0.201706 es vulnerable a la falsificación de petición de sitio cruzado que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-03 CVE Reserved
2022-05-31 CVE Published
2023-12-22 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.ibm.com/support/pages/node/6590411	2022-06-10

URL	Date	SRC
https://exchange.xforce.ibmcloud.com/vulnerabilities/220784	2022-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Business Automation Workflow Search vendor "Ibm" for product "Business Automation Workflow"				>= 19.0.0.1 <= 19.0.0.3 Search vendor "Ibm" for product "Business Automation Workflow" and version " >= 19.0.0.1 <= 19.0.0.3"		-		Affected
Ibm Search vendor "Ibm"		Business Automation Workflow Search vendor "Ibm" for product "Business Automation Workflow"				>= 21.0.1 <= 21.0.3 Search vendor "Ibm" for product "Business Automation Workflow" and version " >= 21.0.1 <= 21.0.3"		-		Affected
Ibm Search vendor "Ibm"		Business Automation Workflow Search vendor "Ibm" for product "Business Automation Workflow"				18.0.0.0 Search vendor "Ibm" for product "Business Automation Workflow" and version "18.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Business Automation Workflow Search vendor "Ibm" for product "Business Automation Workflow"				18.0.0.1 Search vendor "Ibm" for product "Business Automation Workflow" and version "18.0.0.1"		-		Affected
Ibm Search vendor "Ibm"		Business Automation Workflow Search vendor "Ibm" for product "Business Automation Workflow"				20.0.0.1 Search vendor "Ibm" for product "Business Automation Workflow" and version "20.0.0.1"		-		Affected
Ibm Search vendor "Ibm"		Business Automation Workflow Search vendor "Ibm" for product "Business Automation Workflow"				20.0.0.2 Search vendor "Ibm" for product "Business Automation Workflow" and version "20.0.0.2"		-		Affected
Ibm Search vendor "Ibm"		Business Process Manager Search vendor "Ibm" for product "Business Process Manager"				>= 8.5.0.0 <= 8.5.0.201706 Search vendor "Ibm" for product "Business Process Manager" and version " >= 8.5.0.0 <= 8.5.0.201706"		-		Affected
Ibm Search vendor "Ibm"		Business Process Manager Search vendor "Ibm" for product "Business Process Manager"				>= 8.6.0.0 <= 8.6.0.201803 Search vendor "Ibm" for product "Business Process Manager" and version " >= 8.6.0.0 <= 8.6.0.201803"		-		Affected