CVE-2022-22326 - OpenCVE

IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Mq Appliance M2001 Datapower Gateway Mq Appliance M2002 Firmware Mq Appliance M2001 Firmware Mq Appliance M2002

Configuration 1 [-]

OR	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:o:ibm:mq_appliance_m2002_firmware:::::long_term_support:::*
	cpe:2.3:o:ibm:mq_appliance_m2002_firmware:::::continuous_delivery:::*

cpe:2.3:h:ibm:mq_appliance_m2002:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:ibm:mq_appliance_m2001_firmware:::::long_term_support:::*
	cpe:2.3:o:ibm:mq_appliance_m2001_firmware:::::continuous_delivery:::*

cpe:2.3:h:ibm:mq_appliance_m2001:-:*:*:*:*:*:*:*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/218856	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6560048	Patch Vendor Advisory
https://www.ibm.com/support/pages/node/6608598	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2022-07-29T00:00:00

Updated: 2022-07-31T16:05:24

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22326

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-01T11:15:13.150

Modified: 2022-08-04T17:36:12.380

Link: CVE-2022-22326

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"product": "DataPower Gateway", "vendor": "IBM", "versions": [{"status": "affected", "version": "2018.4.1.0"}, {"status": "affected", "version": "10.0.1.0"}, {"status": "affected", "version": "10.0.2.0"}, {"status": "affected", "version": "10.0.4.0"}, {"status": "affected", "version": "2018.4.1.18"}, {"status": "affected", "version": "10.1.0.5"}]}], "datePublic": "2022-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.5, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/S:U/AC:L/I:N/C:L/AV:L/UI:N/PR:N/E:U/RL:O/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-31T16:05:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6560048"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6608598"}, {"name": "ibm-mq-cve202222326-info-disc (218856)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218856"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-29T00:00:00", "ID": "CVE-2022-22326", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DataPower Gateway", "version": {"version_data": [{"version_value": "2018.4.1.0"}, {"version_value": "10.0.1.0"}, {"version_value": "10.0.2.0"}, {"version_value": "10.0.4.0"}, {"version_value": "2018.4.1.18"}, {"version_value": "10.1.0.5"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "L", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6560048", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560048 (MQ Appliance)", "url": "https://www.ibm.com/support/pages/node/6560048"}, {"name": "https://www.ibm.com/support/pages/node/6608598", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6608598 (DataPower Gateway)", "url": "https://www.ibm.com/support/pages/node/6608598"}, {"name": "ibm-mq-cve202222326-info-disc (218856)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218856"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22326", "datePublished": "2022-07-29T00:00:00", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2022-07-31T16:05:24", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E07C4CA0-65A1-40EC-97BC-C94F5A8AB69B", "versionEndExcluding": "10.0.1.6", "versionStartIncluding": "10.0.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "890FAEED-4022-48B6-AC23-7CCA4AB6657A", "versionEndExcluding": "10.0.5.0", "versionStartIncluding": "10.0.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "57942E04-CC81-4C07-AFAA-DA44F4D8BFCF", "versionEndExcluding": "2018.4.1.19", "versionStartIncluding": "2018.4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:mq_appliance_m2002_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "93168CC3-894A-4DF7-9649-7791046D00B9", "versionEndExcluding": "9.2.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:mq_appliance_m2002_firmware:*:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "902E5AA5-E4A2-4FCE-B7D9-04C6700359C0", "versionEndExcluding": "9.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:mq_appliance_m2002:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CA07CA6-D7FB-4630-A48F-31093CAF463F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:mq_appliance_m2001_firmware:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "3BE19C15-143F-4895-8E9B-075DD124A88B", "versionEndExcluding": "9.2.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:mq_appliance_m2001_firmware:*:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "ECA5C3CA-8196-44EC-80C7-67DE74B285D0", "versionEndExcluding": "9.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:mq_appliance_m2001:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACDC6731-E2EA-486D-A80C-B6BA3D2D4DB0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856."}, {"lang": "es", "value": "IBM Datapower Gateway versiones 10.0.2.0 hasta 10.0.4.0, 10.0.1.0 hasta 10.0.1.5 y 2018.4.1.0 hasta 2018.4.1.18, podr\u00eda permitir la visualizaci\u00f3n no autorizada de registros y archivos debido a una insuficiencia de las comprobaciones de autorizaci\u00f3n. IBM X-Force ID: 218856"}], "id": "CVE-2022-22326", "lastModified": "2022-08-04T17:36:12.380", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T11:15:13.150", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218856"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6560048"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6608598"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}