IBM WebSphere Automation AIOps 1.4.3 Local Auth Info Disclosure
CVE-2022-43901 Published on December 1, 2022

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2022-43901 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2022-43901

Want to know whenever a new CVE is published for Websphere Automation Ibm Cloud Pak Watson Aiops? stack.watch will email you.

Websphere Automation Ibm Cloud Pak Watson Aiops
 

Affected Versions

IBM WebSphere Automation for Cloud Pak for Watson AIOps Version 1.4.3 is affected by CVE-2022-43901

Exploit Probability

EPSS
0.05%
Percentile
15.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.