Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMACB3E814A55E34921354A12A334429CA098D9582585C3CCB6210D9B1FAE0555C
HistoryDec 12, 2022 - 4:06 p.m.

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom [CVE-2022-39353]

2022-12-1216:06:18
www.ibm.com
9
ibm app connect enterprise
remote attacker vulnerability
xmldom module
fix
version 12.0.1.0 - 12.0.6.0
it42451
12.0.7.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.7%

JSON

Summary

IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom. [CVE-2022-39353] The resolving fix includes xmldom 0.8.5 and 0.8.6

Vulnerability Details

CVEID:CVE-2022-39353
**DESCRIPTION:**Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by the use of multiple top level elements. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authentication and obtain administrative access.
CVSS Base score: 9.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239426 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM App Connect Enterprise 12.0.1.0 - 12.0.6.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise

Product(s)

|

Version(s)

|

APAR

|

Remediation / Fix

—|—|—|—

IBM App Connect Enterprise

|

v12.0.1.0 - v12.0.6.0

|

IT42451

|

The APAR IT42451 is available in fix pack 12.0.7.0

IBM App Connect Enterprise - 12.0.7.0

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmapp_connect_enterpriseRange12.0.1.0
OR
ibmapp_connect_enterpriseRange12.0.6.0

Related

ibm 4
cbl_mariner 1
veracode 1
nvd 1
redhatcve 1
osv 4
cve 1
debiancve 1
ubuntucve 1
prion 1
cvelist 1
github 1
nessus 2
debian 1
openvas 2
ubuntu 1
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2022-39353
2022-12-01 16:35:30
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node [CVE-2022-39353]
2022-12-15 10:43:35
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2023
2023-04-01 14:09:24
cbl_mariner
cbl_mariner
CVE-2022-39353 affecting package python-tensorboard for versions less than 2.16.2-1
2024-05-17 21:38:35
veracode
veracode
Improper Input Validation
2022-11-03 05:26:31
nvd
nvd
CVE-2022-39353
2022-11-02 17:15:17
redhatcve
redhatcve
CVE-2022-39353
2022-11-14 03:56:39
osv
osv
CVE-2022-39353
2022-11-02 17:15:17
node-xmldom - security update
2023-01-01 00:00:00
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
cve
cve
CVE-2022-39353
2022-11-02 17:15:17
debiancve
debiancve
CVE-2022-39353
2022-11-02 17:15:17
ubuntucve
ubuntucve
CVE-2022-39353
2022-11-02 00:00:00
prion
prion
Design/Logic Flaw
2022-11-02 17:15:00
cvelist
cvelist
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
2022-11-02 00:00:00
github
github
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
nessus
nessus
Debian DLA-3260-1 : node-xmldom - LTS security update
2023-01-07 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
2023-05-24 00:00:00
debian
debian
[SECURITY] [DLA 3260-1] node-xmldom security update
2023-01-01 17:00:48
openvas
openvas
Debian: Security Advisory (DLA-3260-1)
2023-01-02 00:00:00
Ubuntu: Security Advisory (USN-6102-1)
2023-05-25 00:00:00
ubuntu
ubuntu
xmldom vulnerabilities
2023-05-24 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.7%

JSON
Related for ACB3E814A55E34921354A12A334429CA098D9582585C3CCB6210D9B1FAE0555C
ibm4cbl_mariner1veracode1nvd1redhatcve1osv4cve1debiancve1ubuntucve1prion1cvelist1github1nessus2debian1openvas2ubuntu1