CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43874 – IBM App Connect Enterprise Certified Container
https://notcve.org/view.php?id=CVE-2022-43874
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239963 https://www.ibm.com/support/pages/node/6960189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-42439 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2022-42439
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238211 https://www.ibm.com/support/pages/node/6952435 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43922 – IBM App Connect Enterprise Certified Container information disclosure
https://notcve.org/view.php?id=CVE-2022-43922
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241583 https://www.ibm.com/support/pages/node/6857807 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31770
https://notcve.org/view.php?id=CVE-2022-31770
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. IBM App Connect Enterprise Certified Container versión 4.2, podría permitir a un usuario de la consola de administración causar una denegación de servicio mediante la creación de una petición especialmente diseñada. IBM X-Force ID: 228221 • https://exchange.xforce.ibmcloud.com/vulnerabilities/228221 https://www.ibm.com/support/pages/node/6601125 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22404
https://notcve.org/view.php?id=CVE-2022-22404
IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container versiones 1.5, 2.0, 2.1, 3.0 y 3.1) puede ser vulnerable a una denegación de servicio debido a una limitación excesiva de la velocidad • https://exchange.xforce.ibmcloud.com/vulnerabilities/222575 https://www.ibm.com/support/pages/node/6568359 • CWE-770: Allocation of Resources Without Limits or Throttling •