CVE-2022-43915

Published: Aug 24, 2024Modified: Sep 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.

Affected (20)

Products: Ibm: App Connect Enterprise Certified Container

Ibm

1 product

App Connect Enterprise Certified Container

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Ibm App Connect Enterprise Certified Container	Version 10.0
Ibm App Connect Enterprise Certified Container	Version 10.1
Ibm App Connect Enterprise Certified Container	Version 11.0
Ibm App Connect Enterprise Certified Container	Version 11.1
Ibm App Connect Enterprise Certified Container	Version 11.2
Ibm App Connect Enterprise Certified Container	Version 11.3
Ibm App Connect Enterprise Certified Container	Version 11.4
Ibm App Connect Enterprise Certified Container	Version 11.5
Ibm App Connect Enterprise Certified Container	Version 11.6
Ibm App Connect Enterprise Certified Container	Version 12.0
Ibm App Connect Enterprise Certified Container	Version 12.1
Ibm App Connect Enterprise Certified Container	Version 5.0
Ibm App Connect Enterprise Certified Container	Version 7.1
Ibm App Connect Enterprise Certified Container	Version 7.2
Ibm App Connect Enterprise Certified Container	Version 8.0
Ibm App Connect Enterprise Certified Container	Version 8.1
Ibm App Connect Enterprise Certified Container	Version 8.2
Ibm App Connect Enterprise Certified Container	Version 9.0
Ibm App Connect Enterprise Certified Container	Version 9.1
Ibm App Connect Enterprise Certified Container	Version 9.2

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://exchange.xforce.ibmcloud.com/vulnerabilities/241037

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/7166463

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.