Rewterz Threat Advisory – CVE-2022-40752 – IBM InfoSphere DataStage Vulnerability
November 23, 2022
Rewterz Threat Advisory – Multiple IBM CICS TX Vulnerabilities
November 23, 2022
Severity
High
Analysis Summary
CVE-2022-38385 CVSS:7.1
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation.
CVE-2022-38387 CVSS:7.1
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Impact
- Information Disclosure
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2022-38385
- CVE-2022-38387
Affected Vendors
IBM
Affected Products
- IBM Cloud Pak for Security 1.10.0.0
- IBM Cloud Pak for Security 1.10.2.0
Remediation
Refer to the IBM Security Bulletin for patch, upgrade or suggested workaround information.
CVE-2022-38385
CVE-2022-38387