Lucene search

[email protected]NVD:CVE-2022-43922

HistoryFeb 01, 2023 - 6:15 p.m.

CVE-2022-43922

2023-02-0118:15:10

CWE-326

[email protected]

web.nvd.nist.gov

ibm

app connect enterprise

certified container

sensitive information disclosure

weak api key hash

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

24.3%

JSON

IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.

Affected configurations

Nvd

Node

ibmapp_connect_enterprise_certified_containerMatch4.1

ibmapp_connect_enterprise_certified_containerMatch4.2

ibmapp_connect_enterprise_certified_containerMatch5.0lts

ibmapp_connect_enterprise_certified_containerMatch5.1

ibmapp_connect_enterprise_certified_containerMatch5.2

ibmapp_connect_enterprise_certified_containerMatch6.0

ibmapp_connect_enterprise_certified_containerMatch6.1

ibmapp_connect_enterprise_certified_containerMatch6.2

AND

redhatopenshiftMatch-

References

exchange.xforce.ibmcloud.com/vulnerabilities/241583

www.ibm.com/support/pages/node/6857807

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

24.3%

JSON

Related for NVD:CVE-2022-43922

ibm1 osv1 prion1 cve1 cvelist1