CVE-2022-35279
First published: Mon Oct 17 2022(Updated: )
IBM Business Automation Workflow could disclose sensitive version information to authenticated users which could be used in further attacks against the system.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Business Automation Workflow | >=18.0.0.0<=18.0.0.2 | |
| IBM Business Automation Workflow | >=19.0.0.0<=19.0.0.3 | |
| IBM Business Automation Workflow | =20.0.0.1 | |
| IBM Business Automation Workflow | =20.0.0.1 | |
| IBM Business Automation Workflow | =20.0.0.2 | |
| IBM Business Automation Workflow | =20.0.0.2 | |
| IBM Business Automation Workflow | =21.0.1 | |
| IBM Business Automation Workflow | =21.0.2 | |
| IBM Business Automation Workflow | =21.0.2 | |
| IBM Business Automation Workflow | =21.0.3 | |
| IBM Business Automation Workflow | =21.0.3-if002 | |
| IBM Business Automation Workflow | =21.0.3-if005 | |
| IBM Business Automation Workflow | =21.0.3-if006 | |
| IBM Business Automation Workflow | =21.0.3-if007 | |
| IBM Business Automation Workflow | =21.0.3-if008 | |
| IBM Business Automation Workflow | =21.0.3-if009 | |
| IBM Business Automation Workflow | =21.0.3-if010 | |
| IBM Business Automation Workflow | =21.0.3-if011 | |
| IBM Business Automation Workflow | =22.0.1 | |
| IBM Business Automation Workflow | =22.0.1 | |
| IBM Business Automation Workflow | =22.0.1-if001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-35279?
CVE-2022-35279 is a vulnerability in IBM Business Automation Workflow that could disclose sensitive version information to authenticated users.
How does CVE-2022-35279 affect IBM Business Automation Workflow?
CVE-2022-35279 affects IBM Business Automation Workflow versions 18.0.0.0 to 18.0.0.2, 19.0.0.0 to 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2 to 21.0.3, and 22.0.1.
What is the severity of CVE-2022-35279?
CVE-2022-35279 has a severity level of medium with a CVSS score of 4.3.
How can authenticated users exploit CVE-2022-35279?
Authenticated users can exploit CVE-2022-35279 to obtain sensitive version information that could be used for further attacks against the system.
Where can I find more information about CVE-2022-35279?
You can find more information about CVE-2022-35279 at the IBM X-Force Exchange website and the IBM support pages.
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm business automation workflow
- version/ibm business automation workflow/18.0.0.0
- version/ibm business automation workflow/18.0.0.2
- version/ibm business automation workflow/19.0.0.0
- version/ibm business automation workflow/19.0.0.3
- version/ibm business automation workflow/20.0.0.1
- version/ibm business automation workflow/20.0.0.2
- version/ibm business automation workflow/21.0.1
- version/ibm business automation workflow/21.0.2
- version/ibm business automation workflow/21.0.3
- version/ibm business automation workflow/21.0.3-if002
- version/ibm business automation workflow/21.0.3-if005
- version/ibm business automation workflow/21.0.3-if006
- version/ibm business automation workflow/21.0.3-if007
- version/ibm business automation workflow/21.0.3-if008
- version/ibm business automation workflow/21.0.3-if009
- version/ibm business automation workflow/21.0.3-if010
- version/ibm business automation workflow/21.0.3-if011
- version/ibm business automation workflow/22.0.1
- version/ibm business automation workflow/22.0.1-if001