Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-30608 (GCVE-0-2022-30608)
Vulnerability from cvelistv5 – Published: 2022-11-03 00:00 – Updated: 2025-05-05 13:34
VLAI
EPSS
Summary
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Cross-Site Request Forgery
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IBM InfoSphere Information Server |
Affected:
11.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:12.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6829335"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-30608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T13:33:52.681692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T13:34:26.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IBM InfoSphere Information Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \"user that the website trusts. IBM X-Force ID: 227295."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-03T00:00:00.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/6829335"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-30608",
"datePublished": "2022-11-03T00:00:00.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-05-05T13:34:26.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-30608",
"date": "2026-06-17",
"epss": "0.00273",
"percentile": "0.18826"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CED2F00-89E3-4BA9-A8FB-D43B308A59A8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E492C463-D76E-49B7-A4D4-3B499E422D89\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \\\"user that the website trusts. IBM X-Force ID: 227295.\"}, {\"lang\": \"es\", \"value\": \"\\\"IBM InfoSphere Information Server 11.7 es vulnerable a la Cross-Site Request Forgery (CSRF), lo que podr\\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un \\\"usuario en el que conf\\u00eda el sitio web\\\". ID de IBM X-Force: 227295.\"}]",
"id": "CVE-2022-30608",
"lastModified": "2024-11-21T07:03:01.190",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2022-11-03T20:15:28.520",
"references": "[{\"url\": \"https://www.ibm.com/support/pages/node/6829335\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6829335\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-30608\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2022-11-03T20:15:28.520\",\"lastModified\":\"2025-05-05T14:15:23.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \\\"user that the website trusts. IBM X-Force ID: 227295.\"},{\"lang\":\"es\",\"value\":\"\\\"IBM InfoSphere Information Server 11.7 es vulnerable a la Cross-Site Request Forgery (CSRF), lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un \\\"usuario en el que conf\u00eda el sitio web\\\". ID de IBM X-Force: 227295.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CED2F00-89E3-4BA9-A8FB-D43B308A59A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/6829335\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6829335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/6829335\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:56:12.973Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-30608\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-05T13:33:52.681692Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352 Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:34:21.781Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"IBM InfoSphere Information Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.7\"}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/6829335\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \\\"user that the website trusts. IBM X-Force ID: 227295.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Cross-Site Request Forgery\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2022-11-03T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-30608\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T13:34:26.003Z\", \"dateReserved\": \"2022-05-12T00:00:00.000Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2022-11-03T00:00:00.000Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
IBM InfoSphere Information Server跨站请求伪造漏洞
Description
IBM InfoSphere Information Server是美国国际商业机器(IBM)公司的一套数据整合平台。该平台可用于整合各种渠道获取的数据信息。
IBM InfoSphere Information Server 11.7版本存在跨站请求伪造(CSRF)漏洞,攻击者可利用该漏洞执行恶意和未经授权的操作,传输自“网站信任的用户”。
Severity
高
Patch Name
IBM InfoSphere Information Server跨站请求伪造漏洞的补丁
Patch Description
IBM InfoSphere Information Server是美国国际商业机器(IBM)公司的一套数据整合平台。该平台可用于整合各种渠道获取的数据信息。
IBM InfoSphere Information Server 11.7版本存在跨站请求伪造(CSRF)漏洞,攻击者可利用该漏洞执行恶意和未经授权的操作,传输自“网站信任的用户”。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.ibm.com/support/pages/node/6829335
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-30608
Impacted products
| Name | IBM InfoSphere Information Server 11.7 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-30608",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-30608"
}
},
"description": "IBM InfoSphere Information Server\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6574\u5408\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u53ef\u7528\u4e8e\u6574\u5408\u5404\u79cd\u6e20\u9053\u83b7\u53d6\u7684\u6570\u636e\u4fe1\u606f\u3002\n\nIBM InfoSphere Information Server 11.7\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff08CSRF\uff09\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u6076\u610f\u548c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u4f20\u8f93\u81ea\u201c\u7f51\u7ad9\u4fe1\u4efb\u7684\u7528\u6237\u201d\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://www.ibm.com/support/pages/node/6829335",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-77513",
"openTime": "2022-11-16",
"patchDescription": "IBM InfoSphere Information Server\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6574\u5408\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u53ef\u7528\u4e8e\u6574\u5408\u5404\u79cd\u6e20\u9053\u83b7\u53d6\u7684\u6570\u636e\u4fe1\u606f\u3002\r\n\r\nIBM InfoSphere Information Server 11.7\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff08CSRF\uff09\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u6076\u610f\u548c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u4f20\u8f93\u81ea\u201c\u7f51\u7ad9\u4fe1\u4efb\u7684\u7528\u6237\u201d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "IBM InfoSphere Information Server\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "IBM InfoSphere Information Server 11.7"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-30608",
"serverity": "\u9ad8",
"submitTime": "2022-11-05",
"title": "IBM InfoSphere Information Server\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
FKIE_CVE-2022-30608
Vulnerability from fkie_nvd - Published: 2022-11-03 20:15 - Updated: 2025-05-05 14:15
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6829335 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6829335 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | infosphere_information_server | 11.7 | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CED2F00-89E3-4BA9-A8FB-D43B308A59A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \"user that the website trusts. IBM X-Force ID: 227295."
},
{
"lang": "es",
"value": "\"IBM InfoSphere Information Server 11.7 es vulnerable a la Cross-Site Request Forgery (CSRF), lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un \"usuario en el que conf\u00eda el sitio web\". ID de IBM X-Force: 227295."
}
],
"id": "CVE-2022-30608",
"lastModified": "2025-05-05T14:15:23.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-03T20:15:28.520",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6829335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6829335"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-4R9W-2V2J-X44V
Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-04 19:01
VLAI
Details
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2022-30608"
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-03T20:15:00Z",
"severity": "HIGH"
},
"details": "\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \"user that the website trusts. IBM X-Force ID: 227295.",
"id": "GHSA-4r9w-2v2j-x44v",
"modified": "2022-11-04T19:01:17Z",
"published": "2022-11-04T12:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30608"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6829335"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-30608
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-30608",
"id": "GSD-2022-30608"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-30608"
],
"details": "\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \"user that the website trusts. IBM X-Force ID: 227295.",
"id": "GSD-2022-30608",
"modified": "2023-12-13T01:19:37.329920Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-30608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IBM InfoSphere Information Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \"user that the website trusts. IBM X-Force ID: 227295."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6829335",
"refsource": "MISC",
"url": "https://www.ibm.com/support/pages/node/6829335"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2022-30608"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "\"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a \"user that the website trusts. IBM X-Force ID: 227295."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6829335",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6829335"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-11-04T14:08Z",
"publishedDate": "2022-11-03T20:15Z"
}
}
}
WID-SEC-W-2022-1738
Vulnerability from csaf_certbund - Published: 2022-10-16 22:00 - Updated: 2025-11-03 23:00Summary
IBM InfoSphere Information Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1738 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1738.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1738 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1738"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829353 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829353"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829371 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829371"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829373 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829373"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829335 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829335"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829311 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829311"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829369 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829369"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829325 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829325"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829365 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829365"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829361 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829361"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829339 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829339"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829349 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829349"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829363 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829363"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829327 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829327"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6955819 vom 2023-02-15",
"url": "https://www.ibm.com/support/pages/node/6955819"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7038982 vom 2023-09-28",
"url": "https://www.ibm.com/support/pages/node/7038982"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249676 vom 2025-11-03",
"url": "https://www.ibm.com/support/pages/node/7249676"
}
],
"source_lang": "en-US",
"title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-03T23:00:00.000+00:00",
"generator": {
"date": "2025-11-04T07:18:25.963+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-1738",
"initial_release_date": "2022-10-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-03T23:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2023-02-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Business Service Manager",
"product": {
"name": "IBM Tivoli Business Service Manager",
"product_id": "5175",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-0217",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2009-0217"
},
{
"cve": "CVE-2009-2625",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2009-2625"
},
{
"cve": "CVE-2012-0881",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2012-0881"
},
{
"cve": "CVE-2012-2098",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2012-2098"
},
{
"cve": "CVE-2013-2172",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2013-2172"
},
{
"cve": "CVE-2013-4002",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2013-4002"
},
{
"cve": "CVE-2013-4517",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2013-4517"
},
{
"cve": "CVE-2015-4852",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2015-4852"
},
{
"cve": "CVE-2015-6420",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2015-6420"
},
{
"cve": "CVE-2015-7501",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2015-7501"
},
{
"cve": "CVE-2017-15708",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2017-15708"
},
{
"cve": "CVE-2019-13116",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2019-13116"
},
{
"cve": "CVE-2021-33813",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-33813"
},
{
"cve": "CVE-2021-36373",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-36373"
},
{
"cve": "CVE-2021-36374",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-36374"
},
{
"cve": "CVE-2021-40690",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-40690"
},
{
"cve": "CVE-2021-41089",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-41089"
},
{
"cve": "CVE-2021-41091",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-41091"
},
{
"cve": "CVE-2022-22442",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-22442"
},
{
"cve": "CVE-2022-23437",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-23437"
},
{
"cve": "CVE-2022-24769",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-24769"
},
{
"cve": "CVE-2022-30608",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-30608"
},
{
"cve": "CVE-2022-30615",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-30615"
},
{
"cve": "CVE-2022-31129",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-35642",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-35642"
},
{
"cve": "CVE-2022-35717",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-35717"
},
{
"cve": "CVE-2022-36109",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-36109"
},
{
"cve": "CVE-2022-40235",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-40235"
},
{
"cve": "CVE-2022-40747",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-40747"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…