Vulnerability Description
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Business Automation Workflow | >= 19.0.0.1, <= 19.0.0.3 |
| Ibm | Business Process Manager | >= 8.5.0.0, <= 8.5.0.201706 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220784VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6590411PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220784VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6590411PatchVendor Advisory
FAQ
What is CVE-2022-22361?
CVE-2022-22361 is a vulnerability with a CVSS score of 6.5 (MEDIUM). IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1...
How severe is CVE-2022-22361?
CVE-2022-22361 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22361?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Business Automation Workflow, Ibm Business Process Manager.