IBM App Connect Enterprise may include the hash of an IBM Cloud API key that is used by an Integration Server in the Pod definition of that Integration Server. This is only present if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance of IBM App Connect.
CVEID:CVE-2021-29906
**DESCRIPTION:**IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207630 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
App Connect Enterprise Certified Container | 1.0 with Operator |
App Connect Enterprise Certified Container | 1.1 with Operator |
App Connect Enterprise Certified Container | 1.2 with Operator |
App Connect Enterprise Certified Container | 1.3 with Operator |
App Connect Enterprise Certified Container | 1.4 with Operator |
App Connect Enterprise Certified Container | 1.5 with Operator |
App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5
Upgrade to App Connect Enterprise Certified Container Operator version 2.0.0 (available in CASE 2.0.0) or higher, and ensure that all Designer components are at 12.0.1.0-r4 or higher.
App Connect Enterprise Certified Container 1.1 LTS
Upgrade to App Connect Enterprise Certified Container Operator version 1.1.3 EUS (available in CASE 1.1.3) or higher, and ensure that all Designer components are at 11.0.0.13-r2-eus or higher.
The hash of the API key is only present if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance of IBM App Connect.