6.8
CVE-2022-42439
- EPSS 0.06%
- Published 06.02.2023 21:15:09
- Last modified 21.11.2024 07:24:58
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ App Connect Enterprise Version >= 11.0.0.17 <= 11.0.0.19
Ibm ≫ App Connect Enterprise Version12.0.4.0
Ibm ≫ App Connect Enterprise Version12.0.5.0
Ibm ≫ App Connect Enterprise Certified Container Version4.1
Ibm ≫ App Connect Enterprise Certified Container Version4.2
Ibm ≫ App Connect Enterprise Certified Container Version5.0 SwEditionlts
Ibm ≫ App Connect Enterprise Certified Container Version5.1
Ibm ≫ App Connect Enterprise Certified Container Version5.2
Ibm ≫ App Connect Enterprise Certified Container Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.2 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.