6.8
CVE-2022-42439
- EPSS 0.09%
- Veröffentlicht 06.02.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 07:24:58
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ App Connect Enterprise Version >= 11.0.0.17 <= 11.0.0.19
Ibm ≫ App Connect Enterprise Version12.0.4.0
Ibm ≫ App Connect Enterprise Version12.0.5.0
Ibm ≫ App Connect Enterprise Certified Container Version4.1
Ibm ≫ App Connect Enterprise Certified Container Version4.2
Ibm ≫ App Connect Enterprise Certified Container Version5.0 SwEditionlts
Ibm ≫ App Connect Enterprise Certified Container Version5.1
Ibm ≫ App Connect Enterprise Certified Container Version5.2
Ibm ≫ App Connect Enterprise Certified Container Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.252 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.