CVE-2022-22491: IBM App Connect Enterprise Certified Container denial of service
First published: Wed Jan 08 2025
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM App Connect Enterprise | <=7.1 | |
IBM App Connect Enterprise | <=7.2 | |
IBM App Connect Enterprise | <=8.0 | |
IBM App Connect Enterprise | <=8.1 | |
IBM App Connect Enterprise | <=8.2 | |
IBM App Connect Enterprise | <=9.0 | |
IBM App Connect Enterprise | <=9.1 | |
IBM App Connect Enterprise | <=9.2 | |
IBM App Connect Enterprise | <=10.0 | |
IBM App Connect Enterprise | <=10.1 | |
IBM App Connect Enterprise | <=11.0 | |
IBM App Connect Enterprise | <=11.1 | |
IBM App Connect Enterprise | <=11.2 | |
IBM App Connect Enterprise | <=11.3 | |
IBM App Connect Enterprise | <=11.4 | |
IBM App Connect Enterprise | <=11.5 | |
IBM App Connect Enterprise | <=11.6 | |
IBM App Connect Enterprise | <=12.0 | |
IBM App Connect Enterprise | <=12.1 | |
IBM App Connect Enterprise | <=12.2 | |
IBM App Connect Enterprise | <=12.3 | |
IBM App Connect Enterprise | <=12.4 | |
Frequently Asked Questions
What is the severity of CVE-2022-22491?
CVE-2022-22491 has been classified as a medium severity vulnerability due to its potential impact on local filesystem permissions.
How do I fix CVE-2022-22491?
To fix CVE-2022-22491, ensure that the IBM App Connect Enterprise Certified Container is configured to restrict write access to the local filesystem.
What is affected by CVE-2022-22491?
CVE-2022-22491 affects multiple versions of IBM App Connect Enterprise Certified Container running in Red Hat OpenShift.
What are the risks associated with CVE-2022-22491?
The risks associated with CVE-2022-22491 include unauthorized access to and modification of local filesystem data.
Who is affected by CVE-2022-22491?
Organizations using the affected versions of IBM App Connect Enterprise Certified Container within Red Hat OpenShift are vulnerable to CVE-2022-22491.