PT-2022-6310 · IBM · IBM Cloud Pak for Multicloud Management Monitoring
Published: 2022-10-06 · Updated: 2023-08-08 · CVE-2022-42438
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM Cloud Pak for Multicloud Management Monitoring versions 2.0 through 2.3
Description
The issue is related to improper restriction of a pathname to a restricted directory. Exploitation of this issue may allow a remote attacker to elevate their privileges. Users without admin roles can access admin functions by specifying direct URL paths.
Recommendations
For versions 2.0 and 2.3, restrict access to the admin functions that can be reached by specifying direct URL paths until a patch is available.
As a temporary workaround, consider disabling access to admin functions for non-admin users until a fix is released.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Related Identifiers
Affected Products
IBM Cloud Pak for Multicloud Management Monitoring