Unauthorized Access to Admin Functions in IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3

Unauthorized Access to Admin Functions in IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3

CVE-2022-42438 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.

Learn more about our Cloud Audit.