## Summary

IBM Edge Application Manager 4.5 has resolved the vulnerability.

## Vulnerability Details

** CVEID: **[CVE-2022-3172]()
** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing an aggregated API server to redirect client traffic to any URL. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to unexpected actions and the client’s API server credentials to third parties.
CVSS Base score: 5.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236344]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
IBM Edge Application Manager| 4.4
IBM Edge Application Manager| 4.3

## Remediation/Fixes

The fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.

## Workarounds and Mitigations

None

##Read More