CVE-2022-42439

MEDIUM

IBM App Connect Enterprise < 11.0.0.19 - Information Disclosure

Title source: rule

Description

IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://www.ibm.com/support/pages/node/6952435

VDB Entry, Vendor Advisory vdb-entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/238211

Scores

CVSS v3 6.8

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532 CWE-200

Status published

Products (9)

ibm/app_connect_enterprise 12.0.4.0

ibm/app_connect_enterprise 12.0.5.0

ibm/app_connect_enterprise 11.0.0.17 - 11.0.0.19

ibm/app_connect_enterprise_certified_container 4.1

ibm/app_connect_enterprise_certified_container 4.2

ibm/app_connect_enterprise_certified_container 5.0

ibm/app_connect_enterprise_certified_container 5.1

ibm/app_connect_enterprise_certified_container 5.2

ibm/app_connect_enterprise_certified_container 6.0

Published Feb 06, 2023

Tracked Since Feb 18, 2026