CVE-2022-43915

HIGH EPSS 30.8%
Published Aug 24, 20241y ago · Modified Jun 17, 20262w ago
8.1 CVSS 3.1
High
Find Similar
Published Aug 24, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.

CVSS Details

Base Score
8.1
Exploitability
2.8
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
30.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-732

Affected Products 20

VendorProductVersionRange
ibmapp_connect_enterprise_certified_container5.0any
ibmapp_connect_enterprise_certified_container7.1any
ibmapp_connect_enterprise_certified_container7.2any
ibmapp_connect_enterprise_certified_container8.0any
ibmapp_connect_enterprise_certified_container8.1any
ibmapp_connect_enterprise_certified_container8.2any
ibmapp_connect_enterprise_certified_container9.0any
ibmapp_connect_enterprise_certified_container9.1any
ibmapp_connect_enterprise_certified_container9.2any
ibmapp_connect_enterprise_certified_container10.0any
ibmapp_connect_enterprise_certified_container10.1any
ibmapp_connect_enterprise_certified_container11.0any
ibmapp_connect_enterprise_certified_container11.1any
ibmapp_connect_enterprise_certified_container11.2any
ibmapp_connect_enterprise_certified_container11.3any
ibmapp_connect_enterprise_certified_container11.4any
ibmapp_connect_enterprise_certified_container11.5any
ibmapp_connect_enterprise_certified_container11.6any
ibmapp_connect_enterprise_certified_container12.0any
ibmapp_connect_enterprise_certified_container12.1any

References 2

  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/241037
    VDB EntryVendor Advisory
  • ibm.com https://www.ibm.com/support/pages/node/7166463
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.