IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to code injection due to CVE-2021-23406
CVEID: CVE-2021-23406
**DESCRIPTION:** Node.js pac-resolver module could allow a remote attacker to execute arbitrary code on the system, caused by unsafe PAC file handling. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
App Connect Enterprise Certified Container | 2.0 with Operator |
App Connect Enterprise Certified Container | 1.5 with Operator |
App Connect Enterprise Certified Container | 1.4 with Operator |
App Connect Enterprise Certified Container 1.4, 1.5 and 2.0
Upgrade to App Connect Enterprise Certified Container Operator version 2.1.0 (available in CASE 2.1.0) or higher, and ensure that all Integration Server components are at 12.0.2.0-r1 or higher.
None
CPE

Name | Operator | Version |
---|---|---|
ibm app connect enterprise | eq | 1.4 |
ibm app connect enterprise | eq | 1.5 |
ibm app connect enterprise | eq | 2.0 |