Lucene search
+L
IbmApp Connect Enterprise Certified Container

12 matches found

CVE
CVE
added 2022/04/01 4:45 p.m.160 views

CVE-2022-22404

The CVE-2022-22404 entry concerns IBM App Connect Enterprise Certified Container Dashboard UI vulnerability in the Dashboard components for versions 1.5, 2.0, 2.1, 3.0 and 3.1, caused by excessive rate limiting that can lead to denial of service. The issue has CVSS v3.0 base score 6.5 (Network, L...

6.5CVSS6.3AI score0.00941EPSS
CVE
CVE
added 2023/02/06 8:25 p.m.87 views

CVE-2022-42439

Summary: IBM App Connect Enterprise (ACE) versions 11.0.0.17–11.0.0.19 and 12.0.4.0–12.0.5.0 contain an unspecified vulnerability in the Discovery Connector nodes that may disclose a third-party system’s credentials to a privileged attacker. Affected products/versions (as documented): ACE 11.0.0....

6.8CVSS5.2AI score0.00671EPSS
CVE
CVE
added 2023/03/15 5:20 p.m.81 views

CVE-2022-43874

CVE-2022-43874 affects IBM App Connect Enterprise Certified Container versions 4.1–7.0 and is a cross-site scripting vulnerability in the Web UI. The underlying issue allows embedding arbitrary JavaScript in the Web UI, which can alter functionality and potentially disclose credentials within a t...

6.1CVSS5.9AI score0.00392EPSS
CVE
CVE
added 2024/12/04 2:8 p.m.74 views

CVE-2024-51465

CVE-2024-51465 affects IBM App Connect Enterprise Certified Container versions 11.4–12.3 and enables a remote authenticated attacker to execute arbitrary commands via a specially crafted request (OS command injection). The IBM bulletin confirms a vulnerability in the IntegrationRuntime/Integratio...

8.8CVSS8.8AI score0.00664EPSS
CVE
CVE
added 2022/07/05 4:10 p.m.72 views

CVE-2022-31770

CVE-2022-31770 affects IBM App Connect Enterprise Certified Container 4.2. A denial-of-service can be triggered by a specially crafted request from the administration console, impacting Dashboard availability. The IBM Security Bulletin confirms the issue and provides remediation: upgrade to App C...

4.9CVSS5AI score0.00859EPSS
CVE
CVE
added 2023/02/01 5:32 p.m.69 views

CVE-2022-43922

Summary: CVE-2022-43922 affects IBM App Connect Enterprise Certified Container versions 4.1–6.2, where a weak hash of the API key in configuration could disclose sensitive information. The root cause is a weak hashing approach used to generate the API key secret. Impact details are as described i...

6.5CVSS5.5AI score0.00358EPSS
CVE
CVE
added 2025/01/09 2:11 p.m.60 views

CVE-2022-22491

CVE-2022-22491 affects IBM App Connect Enterprise Certified Container running on Red Hat OpenShift (versions 7.1–12.4). The root cause is unrestricted writing to the local filesystem, which can exhaust pod storage and cause a restart. The vulnerability is rated with a MEDIUM base CVSS (LOCAL, LOW...

5.5CVSS6.5AI score0.0016EPSS
CVE
CVE
added 2021/07/07 4:30 p.m.58 views

CVE-2021-29759

IBM App Connect Enterprise Certified Container 1.0–1.3 is affected by CVE-2021-29759 due to a flaw in the internal logging mechanism: logs may contain credentials when Designer flows write logs inside the container. The IBM reply bulletin specifies the vulnerability, with CVSS3.0/LOw severity det...

4.4CVSS3.2AI score0.00261EPSS
CVE
CVE
added 2021/10/08 5:20 p.m.51 views

CVE-2021-29906

CVE-2021-29906 – IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when configured to use an IBM Cloud API key to connect to cloud-based connectors. The vulnerability arises because the container image/hash may include the IBM Cloud API key used b...

5.5CVSS5AI score0.00213EPSS
CVE
CVE
added 2024/08/24 11:22 a.m.50 views

CVE-2022-43915

CVE-2022-43915 affects IBM App Connect Enterprise Certified Container versions 5.0 through 12.1. The root cause is that calls to unshare are not limited in running Pods, allowing a user with privileged access to execute commands in a Pod and elevate privileges. Impact is privilege escalation with...

8.1CVSS7.2AI score0.00389EPSS
CVE
CVE
added 2025/01/30 12:4 p.m.50 views

CVE-2022-43916

The CVE-2022-43916 issue affects IBM App Connect Enterprise Certified Container versions 7.1 through 12.7. Pods used for internal infrastructure do not restrict network egress, which can lead to unintended external access or data leakage. Remediation is provided by IBM: upgrade to Operator versio...

9.1CVSS6.6AI score0.00265EPSS
CVE
CVE
added 2020/11/03 1:25 p.m.48 views

CVE-2020-4785

CVE-2020-4785 affects IBM App Connect Enterprise Certified Container Dashboard (versions 1.0.0–1.0.4 with Operator). The vulnerability allows a remote attacker to hijack a victim’s click actions (clickjacking) by luring the user to a malicious site, potentially enabling further attacks. IBM’s bul...

5.4CVSS5.4AI score0.00665EPSS