Medium Severity

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service due to its use of Apache Xerces2 (CVE-2022-23437)

Apache Xerces2 is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to process internal configuration files. This vulnerability is limited to a malicious insider who can find and manipulate these files.

CVE(s): CVE-2022-23437

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Cloud Pak for Multicloud Management Monitoring | 2.0 – 2.3 Fix Pack 4

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6604051
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217982
