CVE-2022-22491 — Allocation of Resources Without Limits or Throttling in IBM APP Connect Enterprise Certified Container

CWE-770 — Allocation of Resources Without Limits or Throttling2 documents2 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Enterprise Certified Container

Timeline

PublishedJan 9

Description

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/app_connect_enterprise_certified_container7.0 — 12.4

▶CVEListV5ibm/app_connect_enterprise_certified_container7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4

🔴Vulnerability Details

CVEList

IBM App Connect Enterprise Certified Container denial of service↗2025-01-09

▶