CVE-2022-43916
Published: 30 January 2025
Description
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.
Security Summary
CVE-2022-43916 is a vulnerability in IBM App Connect Enterprise Certified Container versions 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7, where Pods used for internal infrastructure do not restrict network egress. This issue is classified under CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints) and carries a CVSS v3.1 base score of 6.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
The vulnerability can be exploited by a low-privileged user (PR:L) over the network (AV:N), though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful exploitation enables high impacts on confidentiality and integrity (C:H/I:H) with no availability disruption (A:N), maintaining an unchanged security scope (S:U).
IBM provides mitigation guidance in its security advisory at https://www.ibm.com/support/pages/node/7181916.
Details
- CWE(s)