CVE-2022-43922
IBM App Connect Enterprise Certified Container information disclosure
In short
IBM App Connect Enterprise containers use a weak hash to protect API keys in their configuration files, allowing attackers to potentially recover these sensitive credentials and gain unauthorized access.
Technical detail
The vulnerability exists in IBM App Connect Enterprise Certified Container versions 4.1–6.2, where API keys are protected with insufficient hashing algorithms in configuration storage. An attacker with access to configuration data can perform brute-force or cryptanalysis attacks to recover plaintext API keys, leading to unauthorized API access and potential system compromise.
Summary generated and translated by AI from the official description.
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
IBM · App Connect Enterprise Certified Container