CNVD-2021-49055

Vulnerability from cnvd - Published: 2021-07-10
VLAI Severity ?
Title
IBM App Connect Enterprise授权问题漏洞
Description
IBM App Connect Enterprise是美国IBM公司的一个操作系统。IBM App Connect Enterprise 将现有业界信任的 IBM Integration Bus 技术与 IBM App Connect Professional 以及新的云本机技术进行了组合,提供一个可满足现代数字企业全面集成需求的平台。 IBM App Connect Enterprise Certified Container存在授权问题漏洞,该漏洞源于平台未对日志文件做安全限制,导致特权用户可以从内部日志文件获得敏感信息。目前没有详细漏洞细节提供。
Severity
Patch Name
IBM App Connect Enterprise授权问题漏洞的补丁
Patch Description
IBM App Connect Enterprise是美国IBM公司的一个操作系统。IBM App Connect Enterprise 将现有业界信任的 IBM Integration Bus 技术与 IBM App Connect Professional 以及新的云本机技术进行了组合,提供一个可满足现代数字企业全面集成需求的平台。 IBM App Connect Enterprise Certified Container存在授权问题漏洞,该漏洞源于平台未对日志文件做安全限制,导致特权用户可以从内部日志文件获得敏感信息。目前没有详细漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://www.ibm.com/support/pages/node/6469449

Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-29759
Impacted products
Name
IBM IBM App Connect Enterprise Certified Container
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-29759",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-29759"
    }
  },
  "description": "IBM App Connect Enterprise\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002IBM App Connect Enterprise \u5c06\u73b0\u6709\u4e1a\u754c\u4fe1\u4efb\u7684 IBM Integration Bus \u6280\u672f\u4e0e IBM App Connect Professional \u4ee5\u53ca\u65b0\u7684\u4e91\u672c\u673a\u6280\u672f\u8fdb\u884c\u4e86\u7ec4\u5408\uff0c\u63d0\u4f9b\u4e00\u4e2a\u53ef\u6ee1\u8db3\u73b0\u4ee3\u6570\u5b57\u4f01\u4e1a\u5168\u9762\u96c6\u6210\u9700\u6c42\u7684\u5e73\u53f0\u3002\n\nIBM App Connect Enterprise Certified Container\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e73\u53f0\u672a\u5bf9\u65e5\u5fd7\u6587\u4ef6\u505a\u5b89\u5168\u9650\u5236\uff0c\u5bfc\u81f4\u7279\u6743\u7528\u6237\u53ef\u4ee5\u4ece\u5185\u90e8\u65e5\u5fd7\u6587\u4ef6\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.ibm.com/support/pages/node/6469449",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-49055",
  "openTime": "2021-07-10",
  "patchDescription": "IBM App Connect Enterprise\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002IBM App Connect Enterprise \u5c06\u73b0\u6709\u4e1a\u754c\u4fe1\u4efb\u7684 IBM Integration Bus \u6280\u672f\u4e0e IBM App Connect Professional \u4ee5\u53ca\u65b0\u7684\u4e91\u672c\u673a\u6280\u672f\u8fdb\u884c\u4e86\u7ec4\u5408\uff0c\u63d0\u4f9b\u4e00\u4e2a\u53ef\u6ee1\u8db3\u73b0\u4ee3\u6570\u5b57\u4f01\u4e1a\u5168\u9762\u96c6\u6210\u9700\u6c42\u7684\u5e73\u53f0\u3002\r\n\r\nIBM App Connect Enterprise Certified Container\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e73\u53f0\u672a\u5bf9\u65e5\u5fd7\u6587\u4ef6\u505a\u5b89\u5168\u9650\u5236\uff0c\u5bfc\u81f4\u7279\u6743\u7528\u6237\u53ef\u4ee5\u4ece\u5185\u90e8\u65e5\u5fd7\u6587\u4ef6\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM App Connect Enterprise\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM IBM App Connect Enterprise Certified Container"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29759",
  "serverity": "\u4e2d",
  "submitTime": "2021-07-08",
  "title": "IBM App Connect Enterprise\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.