CVE-2022-34355 — Sensitive Information Exposure in IBM Engineering Lifecycle Management

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

CNA4.0

EPSS

0.0%

top 94.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Engineering Lifecycle Management IBM Collaborative Lifecycle Management

Timeline

PublishedOct 6

Description

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/engineering_lifecycle_management6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2

▶NVDibm/engineering_lifecycle_management7.0, 7.0.1, 7.0.2+2

▶NVDibm/collaborative_lifecycle_management6.0.6, 6.0.6.1+1

🔴Vulnerability Details

CVEList

IBM Jazz Foundation information disclosure↗2023-10-06

▶

GHSA

GHSA-4c79-cjmm-66qf: IBM Jazz Foundation (IBM Engineering Lifecycle Management 6↗2023-10-06

▶