CVE-2022-42438 HIGH

CVE-2022-42438: IBM Cloud Pak for Multicloud Management Monitoring privilege escalation

Vendor Ibm

Product Cloud Pak for Multicloud Management Monitoring

Published February 8, 2023

Last update March 25, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.

Key dates

02Disclosure timeline

February 8, 2023 CVE published

March 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-42438