CVE-2022-43916

Published: Jan 30, 2025Modified: Aug 13, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.

Affected (1)

Products: Ibm: App Connect Enterprise Certified Container

1 product

App Connect Enterprise Certified Container

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm App Connect Enterprise Certified Container	From 7.1 to 12.8

Running on/with	Platform Versions
Redhat Openshift	All versions

Related CWEs

Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

References (1)

https://www.ibm.com/support/pages/node/7181916

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.