CVE-2022-43864

CVSS V2 None CVSS V3 None
Description
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
Overview
  • CVE ID
  • CVE-2022-43864
  • Assigner
  • psirt@us.ibm.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-26T21:17:48
  • Last Modified Date
  • 2023-02-01T20:43:19
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:* 1 OR 21.0.1 21.0.3.1
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:* 1 OR
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:* 1 OR
cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:* 1 OR
cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:* 1 OR
cpe:2.3:a:ibm:business_monitor:8.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:business_monitor:8.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:business_monitor:8.5.7:*:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2023-01-26 23:17:05 Added to TrackCVE
2023-01-26 23:17:06 Weakness Enumeration new
2023-01-27 15:14:48 2023-01-27T14:03:45 CVE Modified Date updated
2023-01-27 15:14:48 Received Awaiting Analysis Vulnerability Status updated
2023-01-31 18:13:14 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-02-01 21:13:50 2023-02-01T20:43:19 CVE Modified Date updated
2023-02-01 21:13:50 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-01 21:13:53 CPE Information updated