First published: Wed Mar 15 2023
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM App Connect Enterprise Certified Container | =4.1 | |
IBM App Connect Enterprise Certified Container | =4.2 | |
IBM App Connect Enterprise Certified Container | =5.0 | |
IBM App Connect Enterprise Certified Container | =5.1 | |
IBM App Connect Enterprise Certified Container | =5.2 | |
IBM App Connect Enterprise Certified Container | =6.0 | |
IBM App Connect Enterprise Certified Container | =6.1 | |
IBM App Connect Enterprise Certified Container | =6.2 | |
IBM App Connect Enterprise Certified Container | =7.0 | |
The vulnerability ID for this vulnerability is CVE-2022-43874.
IBM App Connect Enterprise Certified Container versions 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 are affected by this vulnerability.
The severity level of CVE-2022-43874 is medium with a CVSS score of 6.1.
Cross-site scripting is a vulnerability that allows users to embed arbitrary JavaScript code in a web application, which, in this case, can alter the intended functionality of IBM App Connect Enterprise Certified Container and potentially lead to credential disclosure.
You can find more information about this vulnerability at the following references: [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/vulnerabilities/239963), [IBM Support](https://www.ibm.com/support/pages/node/6960189).