CVE-2022-42439 - OpenCVE

IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix App Connect Enterprise App Connect Enterprise Certified Container
Linux	Linux Kernel
Microsoft	Windows
Redhat	Openshift

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:app_connect_enterprise::::::::
	cpe:2.3:a:ibm:app_connect_enterprise:12.0.4.0:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise:12.0.5.0:::::::*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0::::lts:::
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:::::::*

cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/238211
https://www.ibm.com/support/pages/node/6952435

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2023-02-06T20:25:26.204Z

Updated: 2024-08-03T13:10:40.440Z

Reserved: 2022-10-06T15:51:26.500Z

Link: CVE-2022-42439

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-06T21:15:09.200

Modified: 2023-11-07T03:53:18.810

Link: CVE-2022-42439

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-42439", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2022-10-06T15:51:26.500Z", "datePublished": "2023-02-06T20:25:26.204Z", "dateUpdated": "2024-08-03T13:10:40.440Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "App Connect Enterprise", "vendor": "IBM", "versions": [{"lessThan": "11.0.0.19", "status": "affected", "version": "11.0.0.17", "versionType": "semver"}, {"lessThan": "12.0.5.0", "status": "affected", "version": "12.0.4.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system\u2019s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.</span>\n\n"}], "value": "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system\u2019s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2023-02-17T16:10:51.689Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/6952435"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM App Connect Enterprise information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:10:40.440Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6952435"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "88D39D31-4C45-4BEC-96AA-2A95B866C6C1", "versionEndIncluding": "11.0.0.19", "versionStartIncluding": "11.0.0.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise:12.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "3718A35D-12A7-4E89-8064-80E649966613", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise:12.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBA5E7D8-685A-4A33-A6B0-10EA8F8E0775", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4BF8AF2-0047-4E43-AEDF-0D4D54446876", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "37215CD7-7390-4BCD-AA3A-E1B233875147", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*", "matchCriteriaId": "B9B1A13B-7F98-44A6-9933-A0052E93D7F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9816F05C-8D57-48AD-9E64-907CDB24D612", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C7B481C-86B1-44B0-AB68-48C1739B0DB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACA125F0-42C5-40E2-A63D-FDE0444A7D32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system\u2019s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\n\n"}], "id": "CVE-2022-42439", "lastModified": "2023-11-07T03:53:18.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2023-02-06T21:15:09.200", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6952435"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}