IBM2FB146DD338350B561E3972CB22F2D58E0CBC95F041865D881CED182243E4955Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to code injection due to CVE-2021-23406
0.004 Low
EPSS
Percentile
74.7%
Summary
IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to code injection due to CVE-2021-23406
Vulnerability Details
CVEID:CVE-2021-23406
**DESCRIPTION:**Node.js pac-resolver module could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe PAC file handling. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| App Connect Enterprise Certified Container | 2.0 with Operator |
| App Connect Enterprise Certified Container | 1.5 with Operator |
| App Connect Enterprise Certified Container | 1.4 with Operator |
Remediation/Fixes
App Connect Enterprise Certified Container 1.4, 1.5 and 2.0
Upgrade to App Connect Enterprise Certified Container Operator version 2.1.0 (available in CASE 2.1.0) or higher, and ensure that all Integration Server components are at 12.0.2.0-r1 or higher.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm app connect enterprise | eq | 1.4 | |
| ibm app connect enterprise | eq | 1.5 | |
| ibm app connect enterprise | eq | 2.0 |
Related
0.004 Low
EPSS
Percentile
74.7%