IBM8EE44420424F31FCA44FD53B114A6ECE4535001464145F6E2CF1A5C446B81C76Security Bulletin: IBM App Connect Enterprise Certified Container could allow a privileged user to obtain sensitive information from internal log files (CVE-2021-29759)
0.0004 Low
EPSS
Percentile
12.7%
Summary
The Integration Server component in IBM App Connect Enterprise Certified Container, when running Designer flows, writes some logs to a log file inside the container. A flaw in the logging may result in credential information being written to the logs.
Vulnerability Details
CVEID:CVE-2021-29759
**DESCRIPTION:**IBM App Connect Enterprise Certified Container could allow a privileged user to obtain sensitive information from internal log files.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202212 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| App Connect Enterprise Certified Container | 1.0 with Operator |
| App Connect Enterprise Certified Container | 1.1 with Operator |
| App Connect Enterprise Certified Container | 1.2 with Operator |
| App Connect Enterprise Certified Container | 1.3 with Operator |
Remediation/Fixes
App Connect Enterprise Certified Container 1.0, 1.2 and 1.3 CD
Upgrade to App Connect Enterprise Certified Container Operator version 1.4.0 (available in CASE 1.4.0) or higher, and ensure that all Integration Server components are at 11.0.0.12-r1 or higher.
App Connect Enterprise Certified Container 1.1 LTS
Upgrade to App Connect Enterprise Certified Container Operator version 1.1.2 EUS (available in CASE 1.1.2) or higher, and ensure that all Integration Server components are at 11.0.0.13-r1-eus or higher.
Workarounds and Mitigations
None
Related
0.0004 Low
EPSS
Percentile
12.7%