CVE-2022-22361

Summary

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Process Manager8.6.0.0affected
IBMBusiness Process Manager8.5.0.0affected
IBMBusiness Process Manager8.5.0.201706affected
IBMBusiness Process Manager8.6.0.201803affected
IBMBusiness Automation Workflow18.0.0.0affected
IBMBusiness Automation Workflow18.0.0.1affected
IBMBusiness Automation Workflow19.0.0.1affected
IBMBusiness Automation Workflow19.0.0.3affected
IBMBusiness Automation Workflow20.0.0.1affected
IBMBusiness Automation Workflow20.0.0.2affected
IBMBusiness Automation Workflow21.0.3affected
IBMBusiness Automation Workflow21.0.1affected

Weaknesses

  • Gain Access

ADP Enrichment

CVE Program Container

Additional References

References