Local Attacker Can Forge Outbound Connections via IBM WebSphere Automation 1.4.2
CVE-2022-43900 Published on December 1, 2022
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.
Vulnerability Analysis
Weakness Type
What is an Authentication Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2022-43900 has been classified as an authentication vulnerability or weakness.
Products Associated with CVE-2022-43900
Affected Versions
WebSphere Automation for IBM Cloud Pak for Watson AIOps Version 1.4.2 is affected by CVE-2022-43900.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.