CVE-2022-42439

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 11.0.0.17 through 11.0.0.19 IBM App Connect Enterprise versions 12.0.4.0 and 12.0.5.0

Description The issue is related to a lack of protection for service data in the Discovery component of the App Connect Enterprise Certified Container. This may allow a remote attacker to disclose protected information. Specifically, the vulnerability in the Discovery Connector nodes could cause a 3rd party system's credentials to be exposed to a privileged attacker.

Recommendations For IBM App Connect Enterprise versions 11.0.0.17 through 11.0.0.19, consider restricting access to the Discovery Connector nodes to minimize the risk of credential exposure. For IBM App Connect Enterprise versions 12.0.4.0 and 12.0.5.0, consider implementing additional security measures to protect 3rd party system credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.