Information Disclosure Vulnerability in IBM App Connect Enterprise Certified Container
CVE-2021-29906

5.1MEDIUM

Key Information:

Vendor: IBM
Status: App Connect Enterprise Certified Container
Vendor: CVE Published:; 8 October 2021

Summary

The IBM App Connect Enterprise Certified Container version range 1.0 to 1.5 is prone to an information disclosure vulnerability. When configured with an IBM Cloud API key for connecting to various cloud-based connectors, it may inadvertently expose sensitive information to local users. It is crucial for organizations relying on this product to assess their configurations to prevent unintended data leaks and ensure robust security measures are in place to protect sensitive information.

Affected Version(s)

App Connect Enterprise Certified Container 1.0.0

App Connect Enterprise Certified Container 1.0.1

App Connect Enterprise Certified Container 1.0.2

References

https://www.ibm.com/support/pages/node/6497177

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/207630

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2021
Vulnerability Reserved
Mar 31, 2021