CVE-2022-43916

EPSS 0.1%
Veröffentlicht 30.01.2025 12:15:26
Zuletzt bearbeitet 13.08.2025 17:50:14
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM App Connect Enterprise Certified Container improper communications restriction

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ App Connect Enterprise Certified Container Version >= 7.1 < 12.8

Redhat ≫ Openshift Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.279

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
psirt@us.ibm.com	6.8	1.6	5.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

https://www.ibm.com/support/pages/node/7181916

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-43916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43916

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-43916