CVE-2022-43915: Incorrect Permission Assignment in IBM App Connect Enterprise Certified Container

Severity
NVD: 8.1 HIGH
CNA: 6.8
EPSS
0.1% (top 73.20%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 24

Description

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (2 packages)

CVEListV5: ibm/app_connect_enterprise_certified_container: 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1

Vulnerability Details (2)

CVEList: IBM App Connect Enterprise Certified Container (2024-08-24)
GHSA: GHSA-gwqp-p498-93jr: IBM App Connect Enterprise Certified Container 5 (2024-08-24)
CVE-2022-43915 — Incorrect Permission Assignment in IBM | cvebase