CVE-2022-43901

MEDIUM

IBM WebSphere Automation <1.4.3 - Info Disclosure

Title source: llm

Description

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.

References (2)

[Broken Link, VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/240829

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6842605

Scores

CVSS v3 5.7

EPSS 0.0005

EPSS Percentile 15.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200 CWE-668

Status published

Affected Products (1)

ibm/websphere_automation_for_ibm_cloud_pak_for_watson_aiops < 1.4.3

Timeline

Published Dec 01, 2022

Tracked Since Feb 18, 2026