CVE-2022-43922 - OpenCVE

IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	App Connect Enterprise Certified Container
Redhat	Openshift

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0::::lts:::
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.1:::::::*
	cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.2:::::::*

cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/241583
https://www.ibm.com/support/pages/node/6857807

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2023-02-01T17:32:29.171Z

Updated: 2024-08-03T13:40:06.572Z

Reserved: 2022-10-26T15:46:22.848Z

Link: CVE-2022-43922

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-01T18:15:10.453

Modified: 2023-11-07T03:54:07.783

Link: CVE-2022-43922

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43922", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2022-10-26T15:46:22.848Z", "datePublished": "2023-02-01T17:32:29.171Z", "dateUpdated": "2024-08-03T13:40:06.572Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "App Connect Enterprise Certified Container", "vendor": "IBM", "versions": [{"status": "affected", "version": "4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583."}], "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "328 Reversible One-Way Hash", "lang": "en"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2023-02-01T17:32:29.171Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/6857807"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM App Connect Enterprise Certified Container information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.572Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6857807"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4BF8AF2-0047-4E43-AEDF-0D4D54446876", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "37215CD7-7390-4BCD-AA3A-E1B233875147", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*", "matchCriteriaId": "B9B1A13B-7F98-44A6-9933-A0052E93D7F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9816F05C-8D57-48AD-9E64-907CDB24D612", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C7B481C-86B1-44B0-AB68-48C1739B0DB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACA125F0-42C5-40E2-A63D-FDE0444A7D32", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "984C0CFE-21D0-498B-B326-A3AB50C8602B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "8B61BDF7-D688-49CC-9D96-A625BBF95E5B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583."}], "id": "CVE-2022-43922", "lastModified": "2023-11-07T03:54:07.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2023-02-01T18:15:10.453", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241583"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6857807"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}