Vulnerability Details
Basic Information
| Title | Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery (CVE-2022-22493) |
|---|---|
| Type | ibm |
| Published | 2025-04-29T02:25:57 |
| Last Seen | 2025-04-29T11:06:05 |
| CVSS Score | 8.8 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2022-22493 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery. This has been addressed.
## Vulnerability Details
**CVEID:** CVE-2022-22493
**DESCRIPTION:** IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery, caused by improper cookie attribute setting.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226449 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
## Affected Products and Versions
This vulnerability affects all versions of IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps up to and including 1.4.2.
## Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading to 1.4.3 or higher.
Follow https://www.ibm.com/docs/en/ws-automation?topic=installing-validating-installation to confirm the WebSphere Automation operator version.
Follow https://www.ibm.com/docs/en/ws-automation?topic=installing-updating-websphere-automation to update the WebSphere Automation operator installation.
## Workarounds and Mitigations
None
Impact Assessment
| Base Score | 8.8 |
|---|---|
| Severity | HIGH |