CVE-2022-22404

CWE-770 — Allocation without Limits3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 58.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Enterprise Certified Container

Timeline

PublishedApr 1

Latest updateApr 2

Description

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/app_connect_enterprise_certified_container< 4.0.0

▶CVEListV5ibm/app_connect_enterprise_certified_container5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-qpv7-q7m6-j79v: IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1↗2022-04-02

▶

CVEList

CVE-2022-22404: IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1↗2022-04-01

▶