CVE-2022-43915

{"id": "CVE-2022-43915", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}]}, "published": "2024-08-24T12:15:04.080", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241037", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7166463", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with access to execute commands in a running Pod to elevate their user privileges."}, {"lang": "es", "value": "IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0 y 12.1 no limita las llamadas para dejar de compartir en Pods en ejecuci\u00f3n. Esto puede permitir que un usuario con acceso para ejecutar comandos en un Pod en ejecuci\u00f3n aumente sus privilegios de usuario."}], "lastModified": "2024-08-27T15:30:57.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B9B1A13B-7F98-44A6-9933-A0052E93D7F5"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "058D0F10-2D9C-4BDF-AB79-12D0E758BA26"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "197A51DC-9A53-4A3D-ABAD-9E6116489F4A"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAB48ED5-5028-4EB8-BA9E-B89D76D9CBAF"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FA30E32-39ED-4288-9399-CED260F0CBE5"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31139101-5917-4269-BCD0-CC10D3AD460C"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BF99C78-6390-446A-B51D-4C63A8308BAE"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CFAF93C-6945-43F9-B97E-8CE42E6F583B"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0244144F-1F2D-49AA-9051-FA229491C961"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EDD740F-ACDE-4D1A-B50F-EFA9C52C4F7B"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA5A55F4-118A-4361-A9CF-0FEC0049D534"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41A22853-2AB5-4391-B4E8-5EF80271F9AB"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BD18D87-106B-4131-A5A0-59B0B0144158"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E63B3C7-B7E3-4283-AF86-744883C81306"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C010EE2-6BAA-4314-8C54-C3653DDF4F04"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CB6E8D9-3CD1-4BC0-9A48-3C4511878066"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA51BE8F-5697-4CB7-8354-2CC32CE6BFF7"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4B75CCB-01DC-43BC-AB8D-60EB45A1A01C"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "950D1391-A44E-43E6-879E-6E970C8B4418"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BE3462C-C27A-49D1-BBF1-B8362BD73603"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}