cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43916,https://securityvulnerability.io/vulnerability/CVE-2022-43916,Network Egress Vulnerability in IBM App Connect Enterprise Certified Container,A network egress vulnerability exists in IBM App Connect Enterprise Certified Container that allows Pods utilized for internal infrastructure to access egress traffic without proper restrictions. This could potentially expose sensitive data and allow unauthorized external communication from the internal network environment. Organizations are advised to implement security measures to limit network access and mitigate potential risks associated with this vulnerability.,IBM,App Connect Enterprise Certified Container,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T12:04:47.259Z,0
CVE-2022-22491,https://securityvulnerability.io/vulnerability/CVE-2022-22491,File System Write Vulnerability in IBM App Connect Enterprise Certified Container,"IBM App Connect Enterprise Certified Container versions running on Red Hat OpenShift are vulnerable to a file system write issue. This weakness allows unrestricted write access to the local filesystem. As a consequence, it can lead to exhaustion of available storage within a Pod. When the storage limit is reached, the affected Pod may be restarted, which can disrupt services relying on it. Organizations should evaluate their deployment configurations and consider implementing restrictions to mitigate this vulnerability.",IBM,App Connect Enterprise Certified Container,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T14:11:28.233Z,0
CVE-2022-43915,https://securityvulnerability.io/vulnerability/CVE-2022-43915,Running Pods Allow Elevated User Privileges,"IBM App Connect Enterprise Certified Container versions are vulnerable to privilege escalation due to inadequate limitations on calls to unshare in running Pods. This allows users with privileged access to execute unauthorized commands, potentially elevating their privileges within the containerized environment. Attackers could exploit this weakness to gain additional access and control over system resources, presenting risks to data integrity and system security. Organizations utilizing affected versions should implement necessary security measures to mitigate potential threats and ensure the integrity of their deployment.",IBM,App Connect Enterprise Certified Container,8.1,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-24T11:22:02.059Z,0
CVE-2022-43874,https://securityvulnerability.io/vulnerability/CVE-2022-43874,IBM App Connect Enterprise Certified Container,"IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.",IBM,App Connect Enterprise Certified Container,6.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-03-15T17:20:24.972Z,0
CVE-2022-43922,https://securityvulnerability.io/vulnerability/CVE-2022-43922,IBM App Connect Enterprise Certified Container information disclosure,"IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.",IBM,App Connect Enterprise Certified Container,5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-02-01T17:32:29.171Z,0
CVE-2022-31770,https://securityvulnerability.io/vulnerability/CVE-2022-31770,Denial of Service in IBM App Connect Enterprise Certified Container,"IBM App Connect Enterprise Certified Container 4.2 contains a vulnerability that allows an authenticated user with access to the administration console to create a specially crafted request. This can cause a denial of service, disrupting the availability of the application. Organizations utilizing this software must ensure proper access controls are in place to mitigate risks associated with this vulnerability.",IBM,App Connect Enterprise Certified Container,4.9,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-07-04T00:00:00.000Z,0
CVE-2022-22404,https://securityvulnerability.io/vulnerability/CVE-2022-22404,Denial of Service Vulnerability in IBM App Connect Enterprise Certified Container Dashboard UI,"The IBM App Connect Enterprise Certified Container Dashboard UI is susceptible to a denial of service (DoS) attack due to inadequate rate limiting mechanisms. This flaw could be exploited by attackers to overwhelm the system, resulting in service outages and diminished availability. It is critical for organizations using affected versions to implement appropriate safeguards to mitigate potential impacts on their operations.",IBM,App Connect Enterprise Certified Container,6.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-03-31T00:00:00.000Z,0
CVE-2021-29906,https://securityvulnerability.io/vulnerability/CVE-2021-29906,Information Disclosure Vulnerability in IBM App Connect Enterprise Certified Container,"The IBM App Connect Enterprise Certified Container version range 1.0 to 1.5 is prone to an information disclosure vulnerability. When configured with an IBM Cloud API key for connecting to various cloud-based connectors, it may inadvertently expose sensitive information to local users. It is crucial for organizations relying on this product to assess their configurations to prevent unintended data leaks and ensure robust security measures are in place to protect sensitive information.",IBM,App Connect Enterprise Certified Container,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-10-08T18:15:00.000Z,0
CVE-2021-29759,https://securityvulnerability.io/vulnerability/CVE-2021-29759,,"IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.",IBM,App Connect Enterprise Certified Container,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-07-07T17:15:00.000Z,0
CVE-2020-4785,https://securityvulnerability.io/vulnerability/CVE-2020-4785,,"IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.",IBM,App Connect Enterprise Certified Container,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-11-03T14:15:00.000Z,0