CVE-2021-29906
First published: Thu Oct 07 2021(Updated: )
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM App Connect Enterprise Certified Container | <=1.0 with Operator | |
| IBM App Connect Enterprise Certified Container | <=1.1 with Operator | |
| IBM App Connect Enterprise Certified Container | <=1.2 with Operator | |
| IBM App Connect Enterprise Certified Container | <=1.3 with Operator | |
| IBM App Connect Enterprise Certified Container | <=1.4 with Operator | |
| IBM App Connect Enterprise Certified Container | <=1.5 with Operator | |
| IBM App Connect Enterprise Certified Container | =1.0.0 | |
| IBM App Connect Enterprise Certified Container | =1.1.0 | |
| IBM App Connect Enterprise Certified Container | =1.2.0 | |
| IBM App Connect Enterprise Certified Container | =1.3.0 | |
| IBM App Connect Enterprise Certified Container | =1.4.0 | |
| IBM App Connect Enterprise Certified Container | =1.5.0 | |
| Redhat Openshift |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-29906.
What is the severity level of CVE-2021-29906?
The severity level of CVE-2021-29906 is medium, with a severity value of 5.5.
Which software versions are affected by CVE-2021-29906?
The following versions of IBM App Connect Enterprise Certified Container are affected: 1.0 with Operator, 1.1 with Operator, 1.2 with Operator, 1.3 with Operator, 1.4 with Operator, and 1.5 with Operator.
How can CVE-2021-29906 be exploited?
CVE-2021-29906 can be exploited by a local user when the IBM App Connect Enterprise Certified Container is configured to use a specific IBM Cloud API key to connect to cloud-based connectors.
Where can I find more information about CVE-2021-29906?
You can find more information about CVE-2021-29906 on the IBM X-Force ID page: [https://exchange.xforce.ibmcloud.com/vulnerabilities/207630](https://exchange.xforce.ibmcloud.com/vulnerabilities/207630) and the IBM Support page: [https://www.ibm.com/support/pages/node/6497177](https://www.ibm.com/support/pages/node/6497177).
- collector/ibm-support
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm app connect enterprise certified container
- version/ibm app connect enterprise certified container/1.0 with operator
- version/ibm app connect enterprise certified container/1.1 with operator
- version/ibm app connect enterprise certified container/1.2 with operator
- version/ibm app connect enterprise certified container/1.3 with operator
- version/ibm app connect enterprise certified container/1.4 with operator
- version/ibm app connect enterprise certified container/1.5 with operator
- version/ibm app connect enterprise certified container/1.0.0
- version/ibm app connect enterprise certified container/1.1.0
- version/ibm app connect enterprise certified container/1.2.0
- version/ibm app connect enterprise certified container/1.3.0
- version/ibm app connect enterprise certified container/1.4.0
- version/ibm app connect enterprise certified container/1.5.0
- vendor/redhat
- canonical/redhat openshift