12 matches found
CVE-2022-22404
The CVE-2022-22404 entry concerns IBM App Connect Enterprise Certified Container Dashboard UI vulnerability in the Dashboard components for versions 1.5, 2.0, 2.1, 3.0 and 3.1, caused by excessive rate limiting that can lead to denial of service. The issue has CVSS v3.0 base score 6.5 (Network, L...
CVE-2022-42439
Summary: IBM App Connect Enterprise (ACE) versions 11.0.0.17–11.0.0.19 and 12.0.4.0–12.0.5.0 contain an unspecified vulnerability in the Discovery Connector nodes that may disclose a third-party system’s credentials to a privileged attacker. Affected products/versions (as documented): ACE 11.0.0....
CVE-2022-43874
CVE-2022-43874 affects IBM App Connect Enterprise Certified Container versions 4.1–7.0 and is a cross-site scripting vulnerability in the Web UI. The underlying issue allows embedding arbitrary JavaScript in the Web UI, which can alter functionality and potentially disclose credentials within a t...
CVE-2024-51465
CVE-2024-51465 affects IBM App Connect Enterprise Certified Container versions 11.4–12.3 and enables a remote authenticated attacker to execute arbitrary commands via a specially crafted request (OS command injection). The IBM bulletin confirms a vulnerability in the IntegrationRuntime/Integratio...
CVE-2022-31770
CVE-2022-31770 affects IBM App Connect Enterprise Certified Container 4.2. A denial-of-service can be triggered by a specially crafted request from the administration console, impacting Dashboard availability. The IBM Security Bulletin confirms the issue and provides remediation: upgrade to App C...
CVE-2022-43922
Summary: CVE-2022-43922 affects IBM App Connect Enterprise Certified Container versions 4.1–6.2, where a weak hash of the API key in configuration could disclose sensitive information. The root cause is a weak hashing approach used to generate the API key secret. Impact details are as described i...
CVE-2022-22491
CVE-2022-22491 affects IBM App Connect Enterprise Certified Container running on Red Hat OpenShift (versions 7.1–12.4). The root cause is unrestricted writing to the local filesystem, which can exhaust pod storage and cause a restart. The vulnerability is rated with a MEDIUM base CVSS (LOCAL, LOW...
CVE-2021-29759
IBM App Connect Enterprise Certified Container 1.0–1.3 is affected by CVE-2021-29759 due to a flaw in the internal logging mechanism: logs may contain credentials when Designer flows write logs inside the container. The IBM reply bulletin specifies the vulnerability, with CVSS3.0/LOw severity det...
CVE-2021-29906
CVE-2021-29906 – IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when configured to use an IBM Cloud API key to connect to cloud-based connectors. The vulnerability arises because the container image/hash may include the IBM Cloud API key used b...
CVE-2022-43915
CVE-2022-43915 affects IBM App Connect Enterprise Certified Container versions 5.0 through 12.1. The root cause is that calls to unshare are not limited in running Pods, allowing a user with privileged access to execute commands in a Pod and elevate privileges. Impact is privilege escalation with...
CVE-2022-43916
The CVE-2022-43916 issue affects IBM App Connect Enterprise Certified Container versions 7.1 through 12.7. Pods used for internal infrastructure do not restrict network egress, which can lead to unintended external access or data leakage. Remediation is provided by IBM: upgrade to Operator versio...
CVE-2020-4785
CVE-2020-4785 affects IBM App Connect Enterprise Certified Container Dashboard (versions 1.0.0–1.0.4 with Operator). The vulnerability allows a remote attacker to hijack a victim’s click actions (clickjacking) by luring the user to a malicious site, potentially enabling further attacks. IBM’s bul...