cvelistv5 - CVE-2022-43915

CVE-2022-43915 (GCVE-0-2022-43915)

Vulnerability from cvelistv5 – Published: 2024-08-24 11:22 – Updated: 2024-09-21 09:51

Summary

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/7166463	vendor-advisory
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry

Impacted products

	Vendor	Product	Version
	IBM	App Connect Enterprise Certified Container	Affected: 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1 cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0::::lts::: cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:::::::* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0::::lts::: cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T12:12:27.283415Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T12:12:43.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "App Connect Enterprise Certified Container",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges."
            }
          ],
          "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-21T09:51:18.418Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7166463"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241037"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM App Connect Enterprise Certified Container",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-43915",
    "datePublished": "2024-08-24T11:22:02.059Z",
    "dateReserved": "2022-10-26T15:46:22.846Z",
    "dateUpdated": "2024-09-21T09:51:18.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B9B1A13B-7F98-44A6-9933-A0052E93D7F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"058D0F10-2D9C-4BDF-AB79-12D0E758BA26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"197A51DC-9A53-4A3D-ABAD-9E6116489F4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAB48ED5-5028-4EB8-BA9E-B89D76D9CBAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FA30E32-39ED-4288-9399-CED260F0CBE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31139101-5917-4269-BCD0-CC10D3AD460C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BF99C78-6390-446A-B51D-4C63A8308BAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CFAF93C-6945-43F9-B97E-8CE42E6F583B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0244144F-1F2D-49AA-9051-FA229491C961\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EDD740F-ACDE-4D1A-B50F-EFA9C52C4F7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA5A55F4-118A-4361-A9CF-0FEC0049D534\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41A22853-2AB5-4391-B4E8-5EF80271F9AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BD18D87-106B-4131-A5A0-59B0B0144158\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E63B3C7-B7E3-4283-AF86-744883C81306\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C010EE2-6BAA-4314-8C54-C3653DDF4F04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CB6E8D9-3CD1-4BC0-9A48-3C4511878066\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA51BE8F-5697-4CB7-8354-2CC32CE6BFF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B75CCB-01DC-43BC-AB8D-60EB45A1A01C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"950D1391-A44E-43E6-879E-6E970C8B4418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BE3462C-C27A-49D1-BBF1-B8362BD73603\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.\"}, {\"lang\": \"es\", \"value\": \"IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0 y 12.1 no limita las llamadas para dejar de compartir en Pods en ejecuci\\u00f3n. Esto puede permitir que un usuario con acceso para ejecutar comandos en un Pod en ejecuci\\u00f3n aumente sus privilegios de usuario.\"}]",
      "id": "CVE-2022-43915",
      "lastModified": "2024-09-21T10:15:04.170",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}]}",
      "published": "2024-08-24T12:15:04.080",
      "references": "[{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/241037\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7166463\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@us.ibm.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43915\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-08-24T12:15:04.080\",\"lastModified\":\"2024-09-21T10:15:04.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.\"},{\"lang\":\"es\",\"value\":\"IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0 y 12.1 no limita las llamadas para dejar de compartir en Pods en ejecuci\u00f3n. Esto puede permitir que un usuario con acceso para ejecutar comandos en un Pod en ejecuci\u00f3n aumente sus privilegios de usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B9B1A13B-7F98-44A6-9933-A0052E93D7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"058D0F10-2D9C-4BDF-AB79-12D0E758BA26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197A51DC-9A53-4A3D-ABAD-9E6116489F4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAB48ED5-5028-4EB8-BA9E-B89D76D9CBAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA30E32-39ED-4288-9399-CED260F0CBE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31139101-5917-4269-BCD0-CC10D3AD460C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF99C78-6390-446A-B51D-4C63A8308BAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CFAF93C-6945-43F9-B97E-8CE42E6F583B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0244144F-1F2D-49AA-9051-FA229491C961\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EDD740F-ACDE-4D1A-B50F-EFA9C52C4F7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA5A55F4-118A-4361-A9CF-0FEC0049D534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41A22853-2AB5-4391-B4E8-5EF80271F9AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BD18D87-106B-4131-A5A0-59B0B0144158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E63B3C7-B7E3-4283-AF86-744883C81306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C010EE2-6BAA-4314-8C54-C3653DDF4F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CB6E8D9-3CD1-4BC0-9A48-3C4511878066\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA51BE8F-5697-4CB7-8354-2CC32CE6BFF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B75CCB-01DC-43BC-AB8D-60EB45A1A01C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"950D1391-A44E-43E6-879E-6E970C8B4418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BE3462C-C27A-49D1-BBF1-B8362BD73603\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/241037\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7166463\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43915\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-26T12:12:27.283415Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-26T12:12:38.717Z\"}}], \"cna\": {\"title\": \"IBM App Connect Enterprise Certified Container\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"App Connect Enterprise Certified Container\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7166463\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/241037\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-732\", \"description\": \"CWE-732 Incorrect Permission Assignment for Critical Resource\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-09-21T09:51:18.418Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-43915\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-21T09:51:18.418Z\", \"dateReserved\": \"2022-10-26T15:46:22.846Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2024-08-24T11:22:02.059Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2022-43915

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2022-43915

Aliases

CVE-2022-43915

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43915",
    "id": "GSD-2022-43915"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43915"
      ],
      "id": "GSD-2022-43915",
      "modified": "2023-12-13T01:19:31.796953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-43915",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2022-43915

Vulnerability from fkie_nvd - Published: 2024-08-24 12:15 - Updated: 2024-09-21 10:15

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/241037	VDB Entry, Vendor Advisory
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7166463	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	app_connect_enterprise_certified_container	5.0
ibm	app_connect_enterprise_certified_container	7.1
ibm	app_connect_enterprise_certified_container	7.2
ibm	app_connect_enterprise_certified_container	8.0
ibm	app_connect_enterprise_certified_container	8.1
ibm	app_connect_enterprise_certified_container	8.2
ibm	app_connect_enterprise_certified_container	9.0
ibm	app_connect_enterprise_certified_container	9.1
ibm	app_connect_enterprise_certified_container	9.2
ibm	app_connect_enterprise_certified_container	10.0
ibm	app_connect_enterprise_certified_container	10.1
ibm	app_connect_enterprise_certified_container	11.0
ibm	app_connect_enterprise_certified_container	11.1
ibm	app_connect_enterprise_certified_container	11.2
ibm	app_connect_enterprise_certified_container	11.3
ibm	app_connect_enterprise_certified_container	11.4
ibm	app_connect_enterprise_certified_container	11.5
ibm	app_connect_enterprise_certified_container	11.6
ibm	app_connect_enterprise_certified_container	12.0
ibm	app_connect_enterprise_certified_container	12.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B9B1A13B-7F98-44A6-9933-A0052E93D7F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "058D0F10-2D9C-4BDF-AB79-12D0E758BA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "197A51DC-9A53-4A3D-ABAD-9E6116489F4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAB48ED5-5028-4EB8-BA9E-B89D76D9CBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA30E32-39ED-4288-9399-CED260F0CBE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31139101-5917-4269-BCD0-CC10D3AD460C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF99C78-6390-446A-B51D-4C63A8308BAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFAF93C-6945-43F9-B97E-8CE42E6F583B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0244144F-1F2D-49AA-9051-FA229491C961",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EDD740F-ACDE-4D1A-B50F-EFA9C52C4F7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5A55F4-118A-4361-A9CF-0FEC0049D534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41A22853-2AB5-4391-B4E8-5EF80271F9AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BD18D87-106B-4131-A5A0-59B0B0144158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E63B3C7-B7E3-4283-AF86-744883C81306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C010EE2-6BAA-4314-8C54-C3653DDF4F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB6E8D9-3CD1-4BC0-9A48-3C4511878066",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA51BE8F-5697-4CB7-8354-2CC32CE6BFF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B75CCB-01DC-43BC-AB8D-60EB45A1A01C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "950D1391-A44E-43E6-879E-6E970C8B4418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE3462C-C27A-49D1-BBF1-B8362BD73603",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges."
    },
    {
      "lang": "es",
      "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0 y 12.1 no limita las llamadas para dejar de compartir en Pods en ejecuci\u00f3n. Esto puede permitir que un usuario con acceso para ejecutar comandos en un Pod en ejecuci\u00f3n aumente sus privilegios de usuario."
    }
  ],
  "id": "CVE-2022-43915",
  "lastModified": "2024-09-21T10:15:04.170",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-24T12:15:04.080",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241037"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7166463"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2024-1918

Vulnerability from csaf_certbund - Published: 2024-08-22 22:00 - Updated: 2024-08-22 22:00

Summary

IBM App Connect Enterprise: Schwachstelle ermöglicht Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1918 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1918.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1918 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1918"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7166463 vom 2024-08-23",
        "url": "https://www.ibm.com/support/pages/node/7166463"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM App Connect Enterprise: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-08-22T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-23T11:09:47.368+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-1918",
      "initial_release_date": "2024-08-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5",
                "product": {
                  "name": "IBM App Connect Enterprise 5.0",
                  "product_id": "T032937",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:5.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.1",
                "product": {
                  "name": "IBM App Connect Enterprise 7.1",
                  "product_id": "T037052",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:7.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM App Connect Enterprise 7.2",
                  "product_id": "T037053",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:7.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "IBM App Connect Enterprise 8.0",
                  "product_id": "T037054",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:8.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1",
                "product": {
                  "name": "IBM App Connect Enterprise 8.1",
                  "product_id": "T037055",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:8.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.2",
                "product": {
                  "name": "IBM App Connect Enterprise 8.2",
                  "product_id": "T037056",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:8.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "IBM App Connect Enterprise 9.0",
                  "product_id": "T037057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM App Connect Enterprise 9.1",
                  "product_id": "T037058",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.2",
                "product": {
                  "name": "IBM App Connect Enterprise 9.2",
                  "product_id": "T037059",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:9.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "IBM App Connect Enterprise 10.0",
                  "product_id": "T037060",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.1",
                "product": {
                  "name": "IBM App Connect Enterprise 10.1",
                  "product_id": "T037061",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:10.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11",
                "product": {
                  "name": "IBM App Connect Enterprise 11.0",
                  "product_id": "T037062",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.1",
                "product": {
                  "name": "IBM App Connect Enterprise 11.1",
                  "product_id": "T037063",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.2",
                "product": {
                  "name": "IBM App Connect Enterprise 11.2",
                  "product_id": "T037064",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.3",
                "product": {
                  "name": "IBM App Connect Enterprise 11.3",
                  "product_id": "T037065",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.4",
                "product": {
                  "name": "IBM App Connect Enterprise 11.4",
                  "product_id": "T037066",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.5",
                "product": {
                  "name": "IBM App Connect Enterprise 11.5",
                  "product_id": "T037067",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.6",
                "product": {
                  "name": "IBM App Connect Enterprise 11.6",
                  "product_id": "T037068",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12",
                "product": {
                  "name": "IBM App Connect Enterprise 12.0",
                  "product_id": "T037069",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.1",
                "product": {
                  "name": "IBM App Connect Enterprise 12.1",
                  "product_id": "T037070",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-43915",
      "notes": [
        {
          "category": "description",
          "text": "In IBM App Connect Enterprise besteht eine Schwachstelle. In den \u201eCertified Container operands\u201c wird der Befehl \u201eunshare\u201c nicht ordnungsgem\u00e4\u00df eingeschr\u00e4nkt. Ein entfernter, authentisierter Angreifer, der \u00fcber die Berechtigung zur Ausf\u00fchrung von Befehlen in einem laufenden Pod verf\u00fcgt, kann dies ausnutzen, um seine Berechtigungen zu erh\u00f6hen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T037059",
          "T037055",
          "T037066",
          "T037056",
          "T037067",
          "T037057",
          "T037068",
          "T037058",
          "T037069",
          "T037062",
          "T037052",
          "T037063",
          "T037053",
          "T037064",
          "T037054",
          "T037065",
          "T037070",
          "T037060",
          "T037061",
          "T032937"
        ]
      },
      "release_date": "2024-08-22T22:00:00.000+00:00",
      "title": "CVE-2022-43915"
    }
  ]
}

GHSA-GWQP-P498-93JR

Vulnerability from github – Published: 2024-08-24 12:30 – Updated: 2024-08-24 12:30

Details

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with access to execute commands in a running Pod to elevate their user privileges.

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-24T12:15:04Z",
    "severity": "MODERATE"
  },
  "details": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods.  This can allow a user with access to execute commands in a running Pod to elevate their user privileges.",
  "id": "GHSA-gwqp-p498-93jr",
  "modified": "2024-08-24T12:30:46Z",
  "published": "2024-08-24T12:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43915"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241037"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7166463"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2024-43194

Vulnerability from cnvd - Published: 2024-11-06

Title

IBM App Connect Enterprise Certified Container存在未明漏洞

Description

IBM App Connect Enterprise是美国国际商业机器（IBM）公司的一个操作系统。IBM App Connect Enterprise 将现有业界信任的IBM Integration Bus技术与IBM App Connect Professional以及新的云本机技术进行了组合，提供一个可满足现代数字企业全面集成需求的平台。 IBM App Connect Enterprise Certified Container存在安全漏洞，攻击者可利用该漏洞在正在运行的Pod中执行命令以提升其用户权限。

Severity

中

Patch Name

IBM App Connect Enterprise Certified Container存在未明漏洞的补丁

Patch Description

Formal description

厂商已提供漏洞修补方案，建议用户下载使用： https://www.ibm.com/support/pages/node/7166463

Reference

https://cxsecurity.com/cveshow/CVE-2022-43915/

Impacted products

Name
['IBM IBM App Connect Enterprise Certified Container 5.0-lts', 'IBM IBM App Connect Enterprise Certified Container 7.1', 'IBM IBM App Connect Enterprise Certified Container 7.2', 'IBM IBM App Connect Enterprise Certified Container 8.0', 'IBM IBM App Connect Enterprise Certified Container 8.1', 'IBM IBM App Connect Enterprise Certified Container 8.2', 'IBM IBM App Connect Enterprise Certified Container 9.0', 'IBM IBM App Connect Enterprise Certified Container 9.1', 'IBM IBM App Connect Enterprise Certified Container 9.2', 'IBM IBM App Connect Enterprise Certified Container 10.0', 'IBM IBM App Connect Enterprise Certified Container 10.1', 'IBM IBM App Connect Enterprise Certified Container 11.0', 'IBM IBM App Connect Enterprise Certified Container 11.1', 'IBM IBM App Connect Enterprise Certified Container 11.2', 'IBM IBM App Connect Enterprise Certified Container 11.3', 'IBM IBM App Connect Enterprise Certified Container 11.4', 'IBM IBM App Connect Enterprise Certified Container 11.5', 'IBM IBM App Connect Enterprise Certified Container 11.6', 'IBM IBM App Connect Enterprise Certified Container 12.0-lts', 'IBM IBM App Connect Enterprise Certified Container 12.1']

Name

['IBM IBM App Connect Enterprise Certified Container 5.0-lts', 'IBM IBM App Connect Enterprise Certified Container 7.1', 'IBM IBM App Connect Enterprise Certified Container 7.2', 'IBM IBM App Connect Enterprise Certified Container 8.0', 'IBM IBM App Connect Enterprise Certified Container 8.1', 'IBM IBM App Connect Enterprise Certified Container 8.2', 'IBM IBM App Connect Enterprise Certified Container 9.0', 'IBM IBM App Connect Enterprise Certified Container 9.1', 'IBM IBM App Connect Enterprise Certified Container 9.2', 'IBM IBM App Connect Enterprise Certified Container 10.0', 'IBM IBM App Connect Enterprise Certified Container 10.1', 'IBM IBM App Connect Enterprise Certified Container 11.0', 'IBM IBM App Connect Enterprise Certified Container 11.1', 'IBM IBM App Connect Enterprise Certified Container 11.2', 'IBM IBM App Connect Enterprise Certified Container 11.3', 'IBM IBM App Connect Enterprise Certified Container 11.4', 'IBM IBM App Connect Enterprise Certified Container 11.5', 'IBM IBM App Connect Enterprise Certified Container 11.6', 'IBM IBM App Connect Enterprise Certified Container 12.0-lts', 'IBM IBM App Connect Enterprise Certified Container 12.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-43915"
    }
  },
  "description": "IBM App Connect Enterprise\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002IBM App Connect Enterprise \u5c06\u73b0\u6709\u4e1a\u754c\u4fe1\u4efb\u7684IBM Integration Bus\u6280\u672f\u4e0eIBM App Connect Professional\u4ee5\u53ca\u65b0\u7684\u4e91\u672c\u673a\u6280\u672f\u8fdb\u884c\u4e86\u7ec4\u5408\uff0c\u63d0\u4f9b\u4e00\u4e2a\u53ef\u6ee1\u8db3\u73b0\u4ee3\u6570\u5b57\u4f01\u4e1a\u5168\u9762\u96c6\u6210\u9700\u6c42\u7684\u5e73\u53f0\u3002\n\nIBM App Connect Enterprise Certified Container\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6b63\u5728\u8fd0\u884c\u7684Pod\u4e2d\u6267\u884c\u547d\u4ee4\u4ee5\u63d0\u5347\u5176\u7528\u6237\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.ibm.com/support/pages/node/7166463",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-43194",
  "openTime": "2024-11-06",
  "patchDescription": "IBM App Connect Enterprise\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002IBM App Connect Enterprise \u5c06\u73b0\u6709\u4e1a\u754c\u4fe1\u4efb\u7684IBM Integration Bus\u6280\u672f\u4e0eIBM App Connect Professional\u4ee5\u53ca\u65b0\u7684\u4e91\u672c\u673a\u6280\u672f\u8fdb\u884c\u4e86\u7ec4\u5408\uff0c\u63d0\u4f9b\u4e00\u4e2a\u53ef\u6ee1\u8db3\u73b0\u4ee3\u6570\u5b57\u4f01\u4e1a\u5168\u9762\u96c6\u6210\u9700\u6c42\u7684\u5e73\u53f0\u3002\r\n\r\nIBM App Connect Enterprise Certified Container\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6b63\u5728\u8fd0\u884c\u7684Pod\u4e2d\u6267\u884c\u547d\u4ee4\u4ee5\u63d0\u5347\u5176\u7528\u6237\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM App Connect Enterprise Certified Container\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM IBM App Connect Enterprise Certified Container  5.0-lts",
      "IBM IBM App Connect Enterprise Certified Container  7.1",
      "IBM IBM App Connect Enterprise Certified Container  7.2",
      "IBM IBM App Connect Enterprise Certified Container  8.0",
      "IBM IBM App Connect Enterprise Certified Container  8.1",
      "IBM IBM App Connect Enterprise Certified Container  8.2",
      "IBM IBM App Connect Enterprise Certified Container  9.0",
      "IBM IBM App Connect Enterprise Certified Container  9.1",
      "IBM IBM App Connect Enterprise Certified Container  9.2",
      "IBM IBM App Connect Enterprise Certified Container  10.0",
      "IBM IBM App Connect Enterprise Certified Container  10.1",
      "IBM IBM App Connect Enterprise Certified Container  11.0",
      "IBM IBM App Connect Enterprise Certified Container  11.1",
      "IBM IBM App Connect Enterprise Certified Container  11.2",
      "IBM IBM App Connect Enterprise Certified Container  11.3",
      "IBM IBM App Connect Enterprise Certified Container  11.4",
      "IBM IBM App Connect Enterprise Certified Container  11.5",
      "IBM IBM App Connect Enterprise Certified Container  11.6",
      "IBM IBM App Connect Enterprise Certified Container  12.0-lts",
      "IBM IBM App Connect Enterprise Certified Container  12.1"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2022-43915/",
  "serverity": "\u4e2d",
  "submitTime": "2024-08-27",
  "title": "IBM App Connect Enterprise Certified Container\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-43915 (GCVE-0-2022-43915)

GSD-2022-43915

FKIE_CVE-2022-43915

WID-SEC-W-2024-1918

GHSA-GWQP-P498-93JR

CNVD-2024-43194

Tags

Sightings

Nomenclature