CVE-2022-42439
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD
Description
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
Affected (9)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 11.0.0.17 to 11.0.0.19 |
| Running on/with | Platform Versions |
|---|---|
Ibm Aix | All versions |
Linux Linux Kernel | All versions |
Microsoft Windows | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.1 |
| Running on/with | Platform Versions |
|---|---|
Redhat Openshift | All versions |
Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
References (4)
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.