IBM App Connect Enterprise Cert Container Weak API Key Hash Disclosure
CVE-2022-43922 Published on February 1, 2023
IBM App Connect Enterprise Certified Container information disclosure
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.
Vulnerability Analysis
CVE-2022-43922 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Reversible One-Way Hash
The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques. This weakness is especially dangerous when the hash is used in security algorithms that require the one-way property to hold. For example, if an authentication system takes an incoming password and generates a hash, then compares the hash to another hash that it has stored in its authentication database, then the ability to create a collision could allow an attacker to provide an alternate password that produces the same target hash, bypassing authentication.
Products Associated with CVE-2022-43922
Want to know whenever a new CVE is published for IBM App Connect Enterprise Certified Container? stack.watch will email you.
Affected Versions
IBM App Connect Enterprise Certified Container Version 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2 is affected by CVE-2022-43922Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.