{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-35279", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "dateUpdated": "2025-05-02T20:22:24.213Z", "dateReserved": "2022-07-06T00:00:00.000Z", "datePublished": "2022-11-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2022-11-03T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.\""}], "affected": [{"vendor": "n/a", "product": "IBM Business Automation Workflow", "versions": [{"version": "\"18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1\"", "status": "affected"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/6829847"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Information Disclosure"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:36:44.258Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6829847", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T20:21:13.695221Z", "id": "CVE-2022-35279", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T20:22:24.213Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6829847", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:36:44.258Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-35279", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-02T20:21:13.695221Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T20:21:50.023Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "IBM Business Automation Workflow", "versions": [{"status": "affected", "version": "\"18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1\""}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/6829847"}], "descriptions": [{"lang": "en", "value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Information Disclosure"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2022-11-03T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-35279", "state": "PUBLISHED", "dateUpdated": "2025-05-02T20:22:24.213Z", "dateReserved": "2022-07-06T00:00:00.000Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2022-11-03T00:00:00.000Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*", "matchCriteriaId": "EBA0D501-8535-4CAF-BFAD-88AC5E1FBA03", "versionEndIncluding": "18.0.0.2", "versionStartIncluding": "18.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*", "matchCriteriaId": "9BBBCE4C-7230-4CF5-A9BA-1BB8F479E433", "versionEndIncluding": "19.0.0.3", "versionStartIncluding": "19.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*", "matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:-:*:*:containers:*:*:*", "matchCriteriaId": "824ACC07-E351-437A-9FAB-7F2E47DE9205", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*", "matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:-:*:*:containers:*:*:*", "matchCriteriaId": "485FFABA-EF59-4C36-8B6E-E32A99C02381", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*", "matchCriteriaId": "83966976-3307-4B4C-AE62-7BF040BEF0F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:traditional:*:*:*", "matchCriteriaId": "B2A3E3AF-14A2-44E6-A17F-ACD63B010E43", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:-:*:*:containers:*:*:*", "matchCriteriaId": "EB656C4F-19FC-4763-93C8-940A2B38B729", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:*:*:*:traditional:*:*:*", "matchCriteriaId": "D1DC801A-0F25-48D2-8465-31B5A0939EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*", "matchCriteriaId": "00F5E82D-712A-4AB2-B0B2-BF03507D17D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*", "matchCriteriaId": "0063E78F-2978-43F6-884D-B375E1111E87", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*", "matchCriteriaId": "CF6317BE-98DF-4A46-9F5B-326177D6AD68", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*", "matchCriteriaId": "72A22C4B-AAF2-4A84-AF39-C1C396031D98", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*", "matchCriteriaId": "39015A02-D36E-4CC9-A5E3-877DFD923ACD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*", "matchCriteriaId": "19586E74-8802-4C09-A240-D698EE30C570", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*", "matchCriteriaId": "4B06D109-E327-4A2A-9FC9-A5F454022C0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*", "matchCriteriaId": "E67BEF93-133E-4507-B938-79D943AB82CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*", "matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*", "matchCriteriaId": "69B77521-AF61-4711-9219-12D6DADB6F5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if001:*:*:containers:*:*:*", "matchCriteriaId": "E2AEA4BA-C309-4069-9226-B86C1B68F93C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.\""}, {"lang": "es", "value": "\"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3 y 22.0.1 podr\u00edan revelar informaci\u00f3n confidencial de la versi\u00f3n a usuarios autenticados que podr\u00eda usarse en futuros ataques contra el sistema. IBM X-Force ID: 230537.\""}], "id": "CVE-2022-35279", "lastModified": "2025-05-02T21:15:17.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-03T20:15:28.853", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6829847"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6829847"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}