CVE-2022-36769

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/232034	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6980959	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/232034	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6980959	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:cloud_pak_for_data:4.5:::::::*
	cpe:2.3:a:ibm:cloud_pak_for_data:4.6:::::::*

cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:13

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6980959 - Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6980959 - Vendor Advisory

Information

Published : 2023-04-26 03:15

Updated : 2024-11-21 07:13

NVD link : CVE-2022-36769

Mitre link : CVE-2022-36769

CVE.ORG link : CVE-2022-36769

JSON object : View

Products Affected

openshift

cloud_pak_for_data

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2022-36769", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-04-26T03:15:08.663", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034", "tags": ["VDB Entry", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.ibm.com/support/pages/node/6980959", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/232034", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6980959", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "\nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.\n\n"}], "lastModified": "2024-11-21T07:13:40.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DBAEB61-F9C1-40D9-9952-13DC12622ED3"}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F462804-1CB4-406E-A14A-FD6EF173A5D5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}