Lucene search

[email protected]NVD:CVE-2022-43915

HistoryAug 24, 2024 - 12:15 p.m.

CVE-2022-43915

2024-08-2412:15:04

CWE-732

[email protected]

web.nvd.nist.gov

ibm

app connect

enterprise

certified container

unshare

privilege escalation

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

19.7%

JSON

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with access to execute commands in a running Pod to elevate their user privileges.

Affected configurations

Nvd

Node

ibmapp_connect_enterprise_certified_containerMatch5.0lts

ibmapp_connect_enterprise_certified_containerMatch7.1

ibmapp_connect_enterprise_certified_containerMatch7.2

ibmapp_connect_enterprise_certified_containerMatch8.0

ibmapp_connect_enterprise_certified_containerMatch8.1

ibmapp_connect_enterprise_certified_containerMatch8.2

ibmapp_connect_enterprise_certified_containerMatch9.0

ibmapp_connect_enterprise_certified_containerMatch9.1

ibmapp_connect_enterprise_certified_containerMatch9.2

ibmapp_connect_enterprise_certified_containerMatch10.0

ibmapp_connect_enterprise_certified_containerMatch10.1

ibmapp_connect_enterprise_certified_containerMatch11.0

ibmapp_connect_enterprise_certified_containerMatch11.1

ibmapp_connect_enterprise_certified_containerMatch11.2

ibmapp_connect_enterprise_certified_containerMatch11.3

ibmapp_connect_enterprise_certified_containerMatch11.4

ibmapp_connect_enterprise_certified_containerMatch11.5

ibmapp_connect_enterprise_certified_containerMatch11.6

ibmapp_connect_enterprise_certified_containerMatch12.0lts

ibmapp_connect_enterprise_certified_containerMatch12.1

VendorProductVersionCPE
ibmapp_connect_enterprise_certified_container5.0cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
ibmapp_connect_enterprise_certified_container7.1cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container7.2cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container8.0cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container8.1cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container8.2cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container9.0cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container9.1cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container9.2cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
ibmapp_connect_enterprise_certified_container10.0cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	app_connect_enterprise_certified_container	5.0	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0::::lts:::
ibm	app_connect_enterprise_certified_container	7.1	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:::::::*
ibm	app_connect_enterprise_certified_container	7.2	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:::::::*
ibm	app_connect_enterprise_certified_container	8.0	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:::::::*
ibm	app_connect_enterprise_certified_container	8.1	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:::::::*
ibm	app_connect_enterprise_certified_container	8.2	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:::::::*
ibm	app_connect_enterprise_certified_container	9.0	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:::::::*
ibm	app_connect_enterprise_certified_container	9.1	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:::::::*
ibm	app_connect_enterprise_certified_container	9.2	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:::::::*
ibm	app_connect_enterprise_certified_container	10.0	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:::::::*

Rows per page:

1-10 of 201

References

exchange.xforce.ibmcloud.com/vulnerabilities/241037

www.ibm.com/support/pages/node/7166463

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

19.7%

JSON

Related for NVD:CVE-2022-43915

vulnrichment1 cvelist1 cve1 ibm1