2 matches found
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module (CVE-2022-29247, CVE-2022-36077)
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to the electron module CVE-2022-29247, CVE-2022-36077. Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fixpack includes electron v21.2.0 Vulnerability Details CVEID:CVE-2022-36077...
CVE-2022-36077
The CVE-2022-36077 vulnerability affects the Electron framework in versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, where following redirects to file:// URLs can trigger Windows NTLM credential leakage via SMB targets. The issue is triggered when Electron delays a redirect check betw...