CVE-2022-43864
published 2023-01-26CVE-2022-43864: IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | 21.0.1 – 21.0.3.1 | — |
| ibm | business_monitor | — | — |
| ibm | business_monitor | — | — |
| ibm | business_monitor | — | — |
| ibm | business_monitor | — | — |