
    30 vulnerabilities found for App Connect Enterprise Certified Container by IBM

    CVE-2025-13491 (GCVE-0-2025-13491)

    Vulnerability from nvd – Published: 2026-02-05 13:55 – Updated: 2026-03-13 23:16
    Title
    IBM App Connect Enterprise Certified Container Information Disclosure
    Summary
    IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-426 - Untrusted Search Path
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259746 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 11.2.0 , ≤ 11.6.0 (semver)
    Affected: 12.1.0 , ≤ 12.19.0 (semver)
    Affected: 12.0.0 , ≤ 12.0.19 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:46:00.445395Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:46:23.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.0",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.19.0",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.19",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003cspan\u003eIBM App Connect Enterprise Certified Container\u0026nbsp;\u003c/span\u003eCD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u0026nbsp;\u003cspan\u003eand\u0026nbsp;\u003c/span\u003e12.0 LTS: 12.0.0 through 12.0.19\u003cspan\u003e\u0026nbsp;could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container\u00a0CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u00a0and\u00a012.0 LTS: 12.0.0 through 12.0.19\u00a0could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T23:16:33.682Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259746"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container Information Disclosure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eDisable mapping assistance in the DesignerAuthoring component\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Disable mapping assistance in the DesignerAuthoring component"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13491",
        "datePublished": "2026-02-05T13:55:21.838Z",
        "dateReserved": "2025-11-20T21:11:07.402Z",
        "dateUpdated": "2026-03-13T23:16:33.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36133 (GCVE-0-2025-36133)

    Vulnerability from nvd – Published: 2025-09-01 11:56 – Updated: 2025-09-02 20:33
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14 stores potentially sensitive information in log files during installation that could be read by a local user on the container.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7243690 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 9.2.0 , ≤ 11.6.0 (semver)
    Affected: 12.0.0 , ≤ 12.0.14 (semver)
    Affected: 12.1.0 , ≤ 12.14.0 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T20:33:20.745830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T20:33:30.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.0",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.14",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.14.0",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and\u0026nbsp;12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and\u00a012.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T11:56:19.981Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7243690"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36133",
        "datePublished": "2025-09-01T11:56:19.981Z",
        "dateReserved": "2025-04-15T21:16:19.007Z",
        "dateUpdated": "2025-09-02T20:33:30.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1993 (GCVE-0-2025-1993)

    Vulnerability from nvd – Published: 2025-05-09 17:12 – Updated: 2025-08-31 01:27
    Title
    IBM App Connect Enterprise Certified Container information disclosure
    Summary
    IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
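    • CWE-521 - Weak Password Requirements (as assigned by the CNA; note that the summary describes weak cryptographic protection of stored flows rather than a password policy)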
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7233054 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 8.1
    Affected: 8.2
    Affected: 9.0
    Affected: 9.1
    Affected: 9.2
    Affected: 10.0
    Affected: 10.1
    Affected: 11.0
    Affected: 11.1
    Affected: 11.2
    Affected: 11.3
    Affected: 11.4
    Affected: 11.5
    Affected: 11.6
    Affected: 12.0
    Affected: 12.1
    Affected: 12.2
    Affected: 12.3
    Affected: 12.4
    Affected: 12.5
    Affected: 12.6
    Affected: 12.7
    Affected: 12.8
    Affected: 12.9
    Affected: 12.10
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T19:27:49.855326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T19:41:57.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1"
                },
                {
                  "status": "affected",
                  "version": "8.2"
                },
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.2"
                },
                {
                  "status": "affected",
                  "version": "10.0"
                },
                {
                  "status": "affected",
                  "version": "10.1"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.1"
                },
                {
                  "status": "affected",
                  "version": "11.2"
                },
                {
                  "status": "affected",
                  "version": "11.3"
                },
                {
                  "status": "affected",
                  "version": "11.4"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "11.6"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1"
                },
                {
                  "status": "affected",
                  "version": "12.2"
                },
                {
                  "status": "affected",
                  "version": "12.3"
                },
                {
                  "status": "affected",
                  "version": "12.4"
                },
                {
                  "status": "affected",
                  "version": "12.5"
                },
                {
                  "status": "affected",
                  "version": "12.6"
                },
                {
                  "status": "affected",
                  "version": "12.7"
                },
                {
                  "status": "affected",
                  "version": "12.8"
                },
                {
                  "status": "affected",
                  "version": "12.9"
                },
                {
                  "status": "affected",
                  "version": "12.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-31T01:27:51.511Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7233054"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly suggests the following:\nApp Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher.  Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ewww.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher.  Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ewww.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\nApp Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher.  Documentation on the upgrade process is available at  www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator http://www.ibm.com/docs/en/app-connect/13.0 \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher.  Documentation on the upgrade process is available at  www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases http://www.ibm.com/docs/en/app-connect/12.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-1993",
        "datePublished": "2025-05-09T17:12:10.041Z",
        "dateReserved": "2025-03-05T16:10:31.630Z",
        "dateUpdated": "2025-08-31T01:27:51.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52362 (GCVE-0-2024-52362)

    Vulnerability from nvd – Published: 2025-03-12 14:04 – Updated: 2025-09-01 01:06
    VLAI
    Title
    IBM App Connect Enterprise Certified Container denial of service
    Summary
    IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1286 - Improper Validation of Syntactic Correctness of Input
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7185527 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:13:55.785610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:14:08.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1286",
                  "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:06:08.715Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7185527"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-52362",
        "datePublished": "2025-03-12T14:04:10.525Z",
        "dateReserved": "2024-11-10T16:11:09.567Z",
        "dateUpdated": "2025-09-01T01:06:08.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43916 (GCVE-0-2022-43916)

    Vulnerability from nvd – Published: 2025-01-30 12:04 – Updated: 2025-02-18 19:00
    VLAI
    Title
    IBM App Connect Enterprise Certified Container improper communications restriction
    Summary
    IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T13:20:39.455687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T19:00:47.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.\u003cbr\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-30T12:16:26.548Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7181916"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container improper communications restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43916",
        "datePublished": "2025-01-30T12:04:47.259Z",
        "dateReserved": "2022-10-26T15:46:22.846Z",
        "dateUpdated": "2025-02-18T19:00:47.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22491 (GCVE-0-2022-22491)

    Vulnerability from nvd – Published: 2025-01-09 14:11 – Updated: 2025-01-09 14:22
    VLAI
    Title
    IBM App Connect Enterprise Certified Container denial of service
    Summary
    IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T14:21:17.281118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T14:22:35.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container\u0026nbsp;7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container\u00a07.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T14:11:28.233Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7180500"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22491",
        "datePublished": "2025-01-09T14:11:28.233Z",
        "dateReserved": "2022-01-03T22:29:21.009Z",
        "dateUpdated": "2025-01-09T14:22:35.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51465 (GCVE-0-2024-51465)

    Vulnerability from nvd – Published: 2024-12-04 14:08 – Updated: 2024-12-04 14:29
    VLAI
    Title
    IBM App Connect Enterprise Certified Container command execution
    Summary
    IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T14:29:21.331474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T14:29:54.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3\u0026nbsp;\u003c/span\u003ecould allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3\u00a0could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-04T14:08:58.092Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7177814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container command execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51465",
        "datePublished": "2024-12-04T14:08:58.092Z",
        "dateReserved": "2024-10-28T10:50:10.475Z",
        "dateUpdated": "2024-12-04T14:29:54.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43915 (GCVE-0-2022-43915)

    Vulnerability from nvd – Published: 2024-08-24 11:22 – Updated: 2024-09-21 09:51
    VLAI
    Title
    IBM App Connect Enterprise Certified Container
    Summary
    IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user who already has privileged access to execute commands in a running Pod to elevate their user privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T12:12:27.283415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T12:12:43.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-21T09:51:18.418Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166463"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241037"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43915",
        "datePublished": "2024-08-24T11:22:02.059Z",
        "dateReserved": "2022-10-26T15:46:22.846Z",
        "dateUpdated": "2024-09-21T09:51:18.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43874 (GCVE-0-2022-43874)

    Vulnerability from nvd – Published: 2023-03-15 17:20 – Updated: 2025-02-26 21:25
    VLAI
    Title
    IBM App Connect Enterprise Certified Container
    Summary
    IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, 7.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6960189"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239963"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:25:44.646097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T21:25:52.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, 7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  239963."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  239963."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-15T17:20:24.972Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6960189"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239963"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43874",
        "datePublished": "2023-03-15T17:20:24.972Z",
        "dateReserved": "2022-10-26T15:46:22.828Z",
        "dateUpdated": "2025-02-26T21:25:52.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43922 (GCVE-0-2022-43922)

    Vulnerability from nvd – Published: 2023-02-01 17:32 – Updated: 2025-03-26 18:42
    VLAI
    Title
    IBM App Connect Enterprise Certified Container information disclosure
    Summary
    IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-328 - Reversible One-Way Hash (earlier name of the same CWE entry, now titled "Use of Weak Hash")
    • CWE-328 - Use of Weak Hash
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6857807"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T16:05:11.286042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-328",
                    "description": "CWE-328 Use of Weak Hash",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T18:42:41.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.  IBM X-Force ID:  241583."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.  IBM X-Force ID:  241583."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "328 Reversible One-Way Hash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T17:32:29.171Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6857807"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43922",
        "datePublished": "2023-02-01T17:32:29.171Z",
        "dateReserved": "2022-10-26T15:46:22.848Z",
        "dateUpdated": "2025-03-26T18:42:41.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31770 (GCVE-0-2022-31770)

    Vulnerability from nvd – Published: 2022-07-05 16:10 – Updated: 2024-09-17 04:19
    Summary
    IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-07-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6601125"
              },
              {
                "name": "ibm-appconnect-cve202231770-dos (228221)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228221"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:H/AV:N/UI:N/C:N/PR:H/AC:L/I:N/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T16:10:10.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6601125"
            },
            {
              "name": "ibm-appconnect-cve202231770-dos (228221)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228221"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-04T00:00:00",
              "ID": "CVE-2022-31770",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6601125",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6601125 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6601125"
                },
                {
                  "name": "ibm-appconnect-cve202231770-dos (228221)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228221"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-31770",
        "datePublished": "2022-07-05T16:10:10.491Z",
        "dateReserved": "2022-05-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:19.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22404 (GCVE-0-2022-22404)

    Vulnerability from nvd – Published: 2022-04-01 16:45 – Updated: 2024-09-16 19:15
    Summary
    IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.5
    Affected: 2.0
    Affected: 2.1
    Affected: 3.0
    Affected: 3.1
    Date Public
    2022-03-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6568359"
              },
              {
                "name": "ibm-appconnect-cve202222404-dos (222575)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222575"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:H/PR:L/S:U/AV:N/UI:N/AC:L/I:N/C:N/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-01T16:45:31.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6568359"
            },
            {
              "name": "ibm-appconnect-cve202222404-dos (222575)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222575"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-03-31T00:00:00",
              "ID": "CVE-2022-22404",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5"
                              },
                              {
                                "version_value": "2.0"
                              },
                              {
                                "version_value": "2.1"
                              },
                              {
                                "version_value": "3.0"
                              },
                              {
                                "version_value": "3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6568359",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6568359 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6568359"
                },
                {
                  "name": "ibm-appconnect-cve202222404-dos (222575)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222575"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22404",
        "datePublished": "2022-04-01T16:45:31.249Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:15:51.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-29906 (GCVE-0-2021-29906)

    Vulnerability from nvd – Published: 2021-10-08 17:20 – Updated: 2024-09-16 17:32
    Summary
    IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Date Public
    2021-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:18:03.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6497177"
              },
              {
                "name": "ibm-appconnect-cve202129906-info-disc (207630)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                }
              ]
            }
          ],
          "datePublic": "2021-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/S:U/A:N/C:H/AV:L/PR:N/UI:N/AC:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-08T17:20:13.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6497177"
            },
            {
              "name": "ibm-appconnect-cve202129906-info-disc (207630)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-10-07T00:00:00",
              "ID": "CVE-2021-29906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.0.1"
                              },
                              {
                                "version_value": "1.0.2"
                              },
                              {
                                "version_value": "1.0.3"
                              },
                              {
                                "version_value": "1.0.4"
                              },
                              {
                                "version_value": "1.0.5"
                              },
                              {
                                "version_value": "1.1"
                              },
                              {
                                "version_value": "1.2"
                              },
                              {
                                "version_value": "1.3"
                              },
                              {
                                "version_value": "1.4"
                              },
                              {
                                "version_value": "1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6497177",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6497177 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6497177"
                },
                {
                  "name": "ibm-appconnect-cve202129906-info-disc (207630)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-29906",
        "datePublished": "2021-10-08T17:20:13.582Z",
        "dateReserved": "2021-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:49.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-29759 (GCVE-0-2021-29759)

    Vulnerability from nvd – Published: 2021-07-07 16:30 – Updated: 2024-09-16 16:48
    Summary
    IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Date Public
    2021-07-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:18:02.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6469449"
              },
              {
                "name": "ibm-appconnect-cve202129759-info-disc (202212)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                }
              ]
            }
          ],
          "datePublic": "2021-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/C:H/I:N/UI:N/AV:L/PR:H/A:N/AC:L/S:U/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-07T16:30:36.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6469449"
            },
            {
              "name": "ibm-appconnect-cve202129759-info-disc (202212)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-07-06T00:00:00",
              "ID": "CVE-2021-29759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0"
                              },
                              {
                                "version_value": "1.1"
                              },
                              {
                                "version_value": "1.2"
                              },
                              {
                                "version_value": "1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6469449",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6469449 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6469449"
                },
                {
                  "name": "ibm-appconnect-cve202129759-info-disc (202212)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-29759",
        "datePublished": "2021-07-07T16:30:36.764Z",
        "dateReserved": "2021-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:47.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4785 (GCVE-0-2020-4785)

    Vulnerability from nvd – Published: 2020-11-03 13:25 – Updated: 2024-09-16 17:29
    VLAI
    Summary
    IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Date Public
    2020-11-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:58.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6357899"
              },
              {
                "name": "ibm-appconnect-cve20204785-clickjacking (189219)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189219"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:L/S:C/AV:N/I:L/A:N/UI:R/AC:L/PR:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-03T13:25:21.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6357899"
            },
            {
              "name": "ibm-appconnect-cve20204785-clickjacking (189219)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189219"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-11-02T00:00:00",
              "ID": "CVE-2020-4785",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.0.1"
                              },
                              {
                                "version_value": "1.0.2"
                              },
                              {
                                "version_value": "1.0.3"
                              },
                              {
                                "version_value": "1.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6357899",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6357899 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6357899"
                },
                {
                  "name": "ibm-appconnect-cve20204785-clickjacking (189219)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189219"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4785",
        "datePublished": "2020-11-03T13:25:21.789Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:29:01.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-13491 (GCVE-0-2025-13491)

    Vulnerability from cvelistv5 – Published: 2026-02-05 13:55 – Updated: 2026-03-13 23:16
    VLAI
    Title
    IBM App Connect Enterprise Certified Container Information Disclosure
    Summary
    IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-426 - Untrusted Search Path
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259746 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 11.2.0 , ≤ 11.6.0 (semver)
    Affected: 12.1.0 , ≤ 12.19.0 (semver)
    Affected: 12.0.0 , ≤ 12.0.19 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T14:46:00.445395Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T14:46:23.152Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.0",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.19.0",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.19",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003cspan\u003eIBM App Connect Enterprise Certified Container\u0026nbsp;\u003c/span\u003eCD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u0026nbsp;\u003cspan\u003eand\u0026nbsp;\u003c/span\u003e12.0 LTS: 12.0.0 through 12.0.19\u003cspan\u003e\u0026nbsp;could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container\u00a0CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u00a0and\u00a012.0 LTS: 12.0.0 through 12.0.19\u00a0could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T23:16:33.682Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259746"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container Information Disclosure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eDisable mapping assistance in the DesignerAuthoring component\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Disable mapping assistance in the DesignerAuthoring component"
            }
          ],
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13491",
        "datePublished": "2026-02-05T13:55:21.838Z",
        "dateReserved": "2025-11-20T21:11:07.402Z",
        "dateUpdated": "2026-03-13T23:16:33.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36133 (GCVE-0-2025-36133)

    Vulnerability from cvelistv5 – Published: 2025-09-01 11:56 – Updated: 2025-09-02 20:33
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14 stores potentially sensitive information in log files during installation that could be read by a local user on the container.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7243690 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 9.2.0 , ≤ 11.6.0 (semver)
    Affected: 12.0.0 , ≤ 12.0.14 (semver)
    Affected: 12.1.0 , ≤ 12.14.0 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T20:33:20.745830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T20:33:30.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.6.0",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.14",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.14.0",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and\u0026nbsp;12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and\u00a012.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T11:56:19.981Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7243690"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36133",
        "datePublished": "2025-09-01T11:56:19.981Z",
        "dateReserved": "2025-04-15T21:16:19.007Z",
        "dateUpdated": "2025-09-02T20:33:30.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1993 (GCVE-0-2025-1993)

    Vulnerability from cvelistv5 – Published: 2025-05-09 17:12 – Updated: 2025-08-31 01:27
    VLAI
    Title
    IBM App Connect Enterprise Certified Container information disclosure
    Summary
    IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
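    • CWE-521 - Weak Password Requirements (as assigned by the CNA; the summary itself describes weak cryptographic protection of the flow database, not a password policy)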
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7233054 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 8.1
    Affected: 8.2
    Affected: 9.0
    Affected: 9.1
    Affected: 9.2
    Affected: 10.0
    Affected: 10.1
    Affected: 11.0
    Affected: 11.1
    Affected: 11.2
    Affected: 11.3
    Affected: 11.4
    Affected: 11.5
    Affected: 11.6
    Affected: 12.0
    Affected: 12.1
    Affected: 12.2
    Affected: 12.3
    Affected: 12.4
    Affected: 12.5
    Affected: 12.6
    Affected: 12.7
    Affected: 12.8
    Affected: 12.9
    Affected: 12.10
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1993",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T19:27:49.855326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T19:41:57.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1"
                },
                {
                  "status": "affected",
                  "version": "8.2"
                },
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.2"
                },
                {
                  "status": "affected",
                  "version": "10.0"
                },
                {
                  "status": "affected",
                  "version": "10.1"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "11.1"
                },
                {
                  "status": "affected",
                  "version": "11.2"
                },
                {
                  "status": "affected",
                  "version": "11.3"
                },
                {
                  "status": "affected",
                  "version": "11.4"
                },
                {
                  "status": "affected",
                  "version": "11.5"
                },
                {
                  "status": "affected",
                  "version": "11.6"
                },
                {
                  "status": "affected",
                  "version": "12.0"
                },
                {
                  "status": "affected",
                  "version": "12.1"
                },
                {
                  "status": "affected",
                  "version": "12.2"
                },
                {
                  "status": "affected",
                  "version": "12.3"
                },
                {
                  "status": "affected",
                  "version": "12.4"
                },
                {
                  "status": "affected",
                  "version": "12.5"
                },
                {
                  "status": "affected",
                  "version": "12.6"
                },
                {
                  "status": "affected",
                  "version": "12.7"
                },
                {
                  "status": "affected",
                  "version": "12.8"
                },
                {
                  "status": "affected",
                  "version": "12.9"
                },
                {
                  "status": "affected",
                  "version": "12.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-31T01:27:51.511Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7233054"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly suggests the following:\nApp Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher.  Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ewww.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher.  Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ewww.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e"
                }
              ],
              "value": "IBM strongly suggests the following:\nApp Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher.  Documentation on the upgrade process is available at  www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator http://www.ibm.com/docs/en/app-connect/13.0 \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher.  Documentation on the upgrade process is available at  www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases http://www.ibm.com/docs/en/app-connect/12.0"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-1993",
        "datePublished": "2025-05-09T17:12:10.041Z",
        "dateReserved": "2025-03-05T16:10:31.630Z",
        "dateUpdated": "2025-08-31T01:27:51.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52362 (GCVE-0-2024-52362)

    Vulnerability from cvelistv5 – Published: 2025-03-12 14:04 – Updated: 2025-09-01 01:06
    VLAI
    Title
    IBM App Connect Enterprise Certified Container denial of service
    Summary
    IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1286 - Improper Validation of Syntactic Correctness of Input
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7185527 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:13:55.785610Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:14:08.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1286",
                  "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:06:08.715Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7185527"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-52362",
        "datePublished": "2025-03-12T14:04:10.525Z",
        "dateReserved": "2024-11-10T16:11:09.567Z",
        "dateUpdated": "2025-09-01T01:06:08.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43916 (GCVE-0-2022-43916)

    Vulnerability from cvelistv5 – Published: 2025-01-30 12:04 – Updated: 2025-02-18 19:00
    VLAI
    Title
    IBM App Connect Enterprise Certified Container improper communications restriction
    Summary
    IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    ibm
    References
    https://www.ibm.com/support/pages/node/7181916 (vendor-advisory)
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T13:20:39.455687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T19:00:47.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.\u003cbr\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-30T12:16:26.548Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7181916"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container improper communications restriction",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43916",
        "datePublished": "2025-01-30T12:04:47.259Z",
        "dateReserved": "2022-10-26T15:46:22.846Z",
        "dateUpdated": "2025-02-18T19:00:47.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22491 (GCVE-0-2022-22491)

    Vulnerability from cvelistv5 – Published: 2025-01-09 14:11 – Updated: 2025-01-09 14:22
    VLAI
    Title
    IBM App Connect Enterprise Certified Container denial of service
    Summary
    IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    References
    https://www.ibm.com/support/pages/node/7180500
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-22491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T14:21:17.281118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T14:22:35.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container\u0026nbsp;7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container\u00a07.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T14:11:28.233Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7180500"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22491",
        "datePublished": "2025-01-09T14:11:28.233Z",
        "dateReserved": "2022-01-03T22:29:21.009Z",
        "dateUpdated": "2025-01-09T14:22:35.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51465 (GCVE-0-2024-51465)

    Vulnerability from cvelistv5 – Published: 2024-12-04 14:08 – Updated: 2024-12-04 14:29
    VLAI
    Title
    IBM App Connect Enterprise Certified Container command execution
    Summary
    IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    ibm
    References
    https://www.ibm.com/support/pages/node/7177814
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T14:29:21.331474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T14:29:54.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3\u0026nbsp;\u003c/span\u003ecould allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3\u00a0could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-04T14:08:58.092Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7177814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container command execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-51465",
        "datePublished": "2024-12-04T14:08:58.092Z",
        "dateReserved": "2024-10-28T10:50:10.475Z",
        "dateUpdated": "2024-12-04T14:29:54.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43915 (GCVE-0-2022-43915)

    Vulnerability from cvelistv5 – Published: 2024-08-24 11:22 – Updated: 2024-09-21 09:51
    VLAI
    Title
    IBM App Connect Enterprise Certified Container
    Summary
    IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43915",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T12:12:27.283415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T12:12:43.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-21T09:51:18.418Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7166463"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241037"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43915",
        "datePublished": "2024-08-24T11:22:02.059Z",
        "dateReserved": "2022-10-26T15:46:22.846Z",
        "dateUpdated": "2024-09-21T09:51:18.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43874 (GCVE-0-2022-43874)

    Vulnerability from cvelistv5 – Published: 2023-03-15 17:20 – Updated: 2025-02-26 21:25
    VLAI
    Title
    IBM App Connect Enterprise Certified Container
    Summary
    IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, 7.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6960189"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239963"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:25:44.646097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T21:25:52.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, 7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  239963."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  239963."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-15T17:20:24.972Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6960189"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239963"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43874",
        "datePublished": "2023-03-15T17:20:24.972Z",
        "dateReserved": "2022-10-26T15:46:22.828Z",
        "dateUpdated": "2025-02-26T21:25:52.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43922 (GCVE-0-2022-43922)

    Vulnerability from cvelistv5 – Published: 2023-02-01 17:32 – Updated: 2025-03-26 18:42
    VLAI
    Title
    IBM App Connect Enterprise Certified Container information disclosure
    Summary
    IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
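    • 328 Reversible One-Way Hash (free-text label from the CNA record, which carries no cweId; the CISA ADP container maps it to CWE-328)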
    • CWE-328 - Use of Weak Hash
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6857807"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T16:05:11.286042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-328",
                    "description": "CWE-328 Use of Weak Hash",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T18:42:41.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.  IBM X-Force ID:  241583."
                }
              ],
              "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration.  IBM X-Force ID:  241583."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "328 Reversible One-Way Hash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T17:32:29.171Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6857807"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise Certified Container information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-43922",
        "datePublished": "2023-02-01T17:32:29.171Z",
        "dateReserved": "2022-10-26T15:46:22.848Z",
        "dateUpdated": "2025-03-26T18:42:41.836Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31770 (GCVE-0-2022-31770)

    Vulnerability from cvelistv5 – Published: 2022-07-05 16:10 – Updated: 2024-09-17 04:19
    VLAI
    Summary
    IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2022-07-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6601125"
              },
              {
                "name": "ibm-appconnect-cve202231770-dos (228221)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228221"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                }
              ]
            }
          ],
          "datePublic": "2022-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:H/AV:N/UI:N/C:N/PR:H/AC:L/I:N/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-05T16:10:10.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6601125"
            },
            {
              "name": "ibm-appconnect-cve202231770-dos (228221)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228221"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-07-04T00:00:00",
              "ID": "CVE-2022-31770",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6601125",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6601125 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6601125"
                },
                {
                  "name": "ibm-appconnect-cve202231770-dos (228221)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228221"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-31770",
        "datePublished": "2022-07-05T16:10:10.491Z",
        "dateReserved": "2022-05-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:19:19.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22404 (GCVE-0-2022-22404)

    Vulnerability from cvelistv5 – Published: 2022-04-01 16:45 – Updated: 2024-09-16 19:15
    VLAI
    Summary
    IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.5
    Affected: 2.0
    Affected: 2.1
    Affected: 3.0
    Affected: 3.1
    Date Public
    2022-03-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:54.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6568359"
              },
              {
                "name": "ibm-appconnect-cve202222404-dos (222575)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222575"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5"
                },
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1"
                },
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            }
          ],
          "datePublic": "2022-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:H/PR:L/S:U/AV:N/UI:N/AC:L/I:N/C:N/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-01T16:45:31.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6568359"
            },
            {
              "name": "ibm-appconnect-cve202222404-dos (222575)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222575"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-03-31T00:00:00",
              "ID": "CVE-2022-22404",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.5"
                              },
                              {
                                "version_value": "2.0"
                              },
                              {
                                "version_value": "2.1"
                              },
                              {
                                "version_value": "3.0"
                              },
                              {
                                "version_value": "3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "H",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6568359",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6568359 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6568359"
                },
                {
                  "name": "ibm-appconnect-cve202222404-dos (222575)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222575"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22404",
        "datePublished": "2022-04-01T16:45:31.249Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:15:51.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-29906 (GCVE-0-2021-29906)

    Vulnerability from cvelistv5 – Published: 2021-10-08 17:20 – Updated: 2024-09-16 17:32
    VLAI
    Summary
    IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Affected: 1.0.5
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Affected: 1.4
    Affected: 1.5
    Date Public
    2021-10-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:18:03.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6497177"
              },
              {
                "name": "ibm-appconnect-cve202129906-info-disc (207630)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                },
                {
                  "status": "affected",
                  "version": "1.4"
                },
                {
                  "status": "affected",
                  "version": "1.5"
                }
              ]
            }
          ],
          "datePublic": "2021-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.5,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/S:U/A:N/C:H/AV:L/PR:N/UI:N/AC:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-08T17:20:13.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6497177"
            },
            {
              "name": "ibm-appconnect-cve202129906-info-disc (207630)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-10-07T00:00:00",
              "ID": "CVE-2021-29906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.0.1"
                              },
                              {
                                "version_value": "1.0.2"
                              },
                              {
                                "version_value": "1.0.3"
                              },
                              {
                                "version_value": "1.0.4"
                              },
                              {
                                "version_value": "1.0.5"
                              },
                              {
                                "version_value": "1.1"
                              },
                              {
                                "version_value": "1.2"
                              },
                              {
                                "version_value": "1.3"
                              },
                              {
                                "version_value": "1.4"
                              },
                              {
                                "version_value": "1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6497177",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6497177 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6497177"
                },
                {
                  "name": "ibm-appconnect-cve202129906-info-disc (207630)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-29906",
        "datePublished": "2021-10-08T17:20:13.582Z",
        "dateReserved": "2021-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:49.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-29759 (GCVE-0-2021-29759)

    Vulnerability from cvelistv5 – Published: 2021-07-07 16:30 – Updated: 2024-09-16 16:48
    VLAI
    Summary
    IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3
    Date Public
    2021-07-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:18:02.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6469449"
              },
              {
                "name": "ibm-appconnect-cve202129759-info-disc (202212)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3"
                }
              ]
            }
          ],
          "datePublic": "2021-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/C:H/I:N/UI:N/AV:L/PR:H/A:N/AC:L/S:U/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-07T16:30:36.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6469449"
            },
            {
              "name": "ibm-appconnect-cve202129759-info-disc (202212)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-07-06T00:00:00",
              "ID": "CVE-2021-29759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0"
                              },
                              {
                                "version_value": "1.1"
                              },
                              {
                                "version_value": "1.2"
                              },
                              {
                                "version_value": "1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6469449",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6469449 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6469449"
                },
                {
                  "name": "ibm-appconnect-cve202129759-info-disc (202212)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/202212"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2021-29759",
        "datePublished": "2021-07-07T16:30:36.764Z",
        "dateReserved": "2021-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:47.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4785 (GCVE-0-2020-4785)

    Vulnerability from cvelistv5 – Published: 2020-11-03 13:25 – Updated: 2024-09-16 17:29
    VLAI
    Summary
    IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Certified Container Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Affected: 1.0.4
    Date Public
    2020-11-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:58.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6357899"
              },
              {
                "name": "ibm-appconnect-cve20204785-clickjacking (189219)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189219"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "App Connect Enterprise Certified Container",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.0.4"
                }
              ]
            }
          ],
          "datePublic": "2020-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:L/S:C/AV:N/I:L/A:N/UI:R/AC:L/PR:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-03T13:25:21.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6357899"
            },
            {
              "name": "ibm-appconnect-cve20204785-clickjacking (189219)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189219"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-11-02T00:00:00",
              "ID": "CVE-2020-4785",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "App Connect Enterprise Certified Container",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.0.1"
                              },
                              {
                                "version_value": "1.0.2"
                              },
                              {
                                "version_value": "1.0.3"
                              },
                              {
                                "version_value": "1.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6357899",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6357899 (App Connect Enterprise Certified Container)",
                  "url": "https://www.ibm.com/support/pages/node/6357899"
                },
                {
                  "name": "ibm-appconnect-cve20204785-clickjacking (189219)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189219"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4785",
        "datePublished": "2020-11-03T13:25:21.789Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:29:01.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }