Vulnerabilities > CVE-2022-43864 - Unspecified vulnerability in IBM Business Automation Workflow and Business Monitor

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2023-01-26

Updated: 2024-11-21

Summary

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Business Automation Workflow 20.0.0.1 IBM Business Automation Workflow 20.0.0.2 IBM Business Automation Workflow 22.0.1 IBM Business Automation Workflow 21.0.1 IBM Business Automation Workflow 21.0.2 IBM Business Automation Workflow 21.0.3 IBM Business Automation Workflow 21.0.3.1 IBM Business Automation Workflow 22.0.2 IBM Business Monitor 8.5.6 IBM Business Monitor 8.5.7 IBM Business Monitor 8.5.5	11

Summary

Vulnerable Configurations

References