CVE-2022-35279
MEDIUMIBM Business Automation Workflow Authenticated Sensitive Information Disclosure
Title source: llmDescription
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6829847
Scores
CVSS v3
4.3
EPSS
0.0011
EPSS Percentile
29.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-312
Status
published
Products (7)
ibm/business_automation_workflow
20.0.0.1 (2 CPE variants)
ibm/business_automation_workflow
20.0.0.2 (2 CPE variants)
ibm/business_automation_workflow
21.0.1
ibm/business_automation_workflow
21.0.2 (2 CPE variants)
ibm/business_automation_workflow
21.0.3 (9 CPE variants)
ibm/business_automation_workflow
22.0.1 (3 CPE variants)
ibm/business_automation_workflow
18.0.0.0 - 18.0.0.2
Published
Nov 03, 2022
Tracked Since
Feb 18, 2026