Lucene search

IBM8468D45E07B6A243C90C3F2D6820536A0CFD6C328CFFF2A9BB2B32490C4C6523

HistoryJan 30, 2023 - 9:12 a.m.

Security Bulletin: IBM App Connect Enterprise is vulnerable to a buffer overflow due to CVE-2022-42444

2023-01-3009:12:46

www.ibm.com

ibm

app connect enterprise

buffer overflow

vulnerability

fix

apar

it42138

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.4%

JSON

Summary

IBM App Connect Enterprise contains a buffer overflow vulnerability which could allow a malicious administrator to cause an integration server process to abend. The fix provided resolves the vulnerability

Vulnerability Details

CVEID:CVE-2022-42444
**DESCRIPTION:**IBM App Connect Enterprise is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238538 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM App Connect Enterprise	11.0.0.8 - 11.0.0.19
IBM App Connect Enterprise	12.0.1.0 - 12.0.5.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise

Product(s)	Version(s)	APAR	Remediation / Fix
IBM App Connect Enterprise	v12.0.1.0 - v12.0.5.0	IT42138

The APAR (IT42138) is available in fixpack 12.0.6.0

IBM App Connect Enterprise version v12 - Fixpack 12.0.6.0

IBM App Connect Enterprise| v11.0.0.8 - v11.0.0.19| IT42138|

The APAR (IT42138) is available in fixpack 11.0.0.20

IBM App Connect Enterprise version v11 - Fixpack 11.0.0.20

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmapp_connect_enterpriseRange11.0.0.8≥

ibmapp_connect_enterpriseRange≤11.0.0.19

ibmapp_connect_enterpriseRange12.0.1.0≥

ibmapp_connect_enterpriseRange≤12.0.5.0

CPENameOperatorVersion
ibm app connect enterprisege11.0.0.8
ibm app connect enterprisele11.0.0.19
ibm app connect enterprisege12.0.1.0
ibm app connect enterprisele12.0.5.0

Name	Operator	Version
ibm app connect enterprise	ge	11.0.0.8
ibm app connect enterprise	le	11.0.0.19
ibm app connect enterprise	ge	12.0.1.0
ibm app connect enterprise	le	12.0.5.0

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for 8468D45E07B6A243C90C3F2D6820536A0CFD6C328CFFF2A9BB2B32490C4C6523