Lucene search
IbmCVE-2022-43915HistoryAug 24, 2024 - 12:15 p.m.
CVE-2022-43915
2024-08-2412:15:04
CWE-732
ibm
web.nvd.nist.gov
30
ibm app connect enterprise
certified container
unrestricted unshare calls
running pods
user privileges
cve-2022-43915
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
19.7%
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with access to execute commands in a running Pod to elevate their user privileges.
Affected configurations
Node
ibmapp_connect_enterprise_certified_containerMatch5.0lts
ORibmapp_connect_enterprise_certified_containerMatch7.1
ORibmapp_connect_enterprise_certified_containerMatch7.2
ORibmapp_connect_enterprise_certified_containerMatch8.0
ORibmapp_connect_enterprise_certified_containerMatch8.1
ORibmapp_connect_enterprise_certified_containerMatch8.2
ORibmapp_connect_enterprise_certified_containerMatch9.0
ORibmapp_connect_enterprise_certified_containerMatch9.1
ORibmapp_connect_enterprise_certified_containerMatch9.2
ORibmapp_connect_enterprise_certified_containerMatch10.0
ORibmapp_connect_enterprise_certified_containerMatch10.1
ORibmapp_connect_enterprise_certified_containerMatch11.0
ORibmapp_connect_enterprise_certified_containerMatch11.1
ORibmapp_connect_enterprise_certified_containerMatch11.2
ORibmapp_connect_enterprise_certified_containerMatch11.3
ORibmapp_connect_enterprise_certified_containerMatch11.4
ORibmapp_connect_enterprise_certified_containerMatch11.5
ORibmapp_connect_enterprise_certified_containerMatch11.6
ORibmapp_connect_enterprise_certified_containerMatch12.0lts
ORibmapp_connect_enterprise_certified_containerMatch12.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | app_connect_enterprise_certified_container | 5.0 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:* |
| ibm | app_connect_enterprise_certified_container | 7.1 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 7.2 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 8.0 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 8.1 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 8.2 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 9.0 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 9.1 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 9.2 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:* |
| ibm | app_connect_enterprise_certified_container | 10.0 | cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise Certified Container",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1"
}
]
}
]Related
nvd
nvd
CVE-2022-43915
2024-08-24 12:15:04
vulnrichment
vulnrichment
CVE-2022-43915 IBM App Connect Enterprise Certified Container
2024-08-24 11:22:02
cvelist
cvelist
CVE-2022-43915 IBM App Connect Enterprise Certified Container
2024-08-24 11:22:02
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
19.7%
Related for CVE-2022-43915