Vulnerability Details CVE-2022-43874
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.2%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2022-43874
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.1
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:4.2
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.0
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.1
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:5.2
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.0
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.1
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:6.2
-
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.0