## Summary
IBM Edge Application Manager 4.5 has resolved the vulnerability.
## Vulnerability Details
** CVEID: **[CVE-2022-3172]()
** DESCRIPTION: **Kubernetes kube-apiserver is vulnerable to server-side request forgery, caused by a flaw with allowing an aggregated API server to redirect client traffic to any URL. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to unexpected actions and the client’s API server credentials to third parties.
CVSS Base score: 5.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236344]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
IBM Edge Application Manager| 4.4
IBM Edge Application Manager| 4.3
## Remediation/Fixes
The fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.
## Workarounds and Mitigations
None