IBM App Connect Enterprise and IBM Integration Bus Vulnerabilities. CVE-2022-44906
IBM ACE and IBM Integration Bus vulnerabilities, due to the node.js minimist module, were announced:
IBM App Connect Enterprise and IBM Integration Bus are vulnerable to arbitrary code execution due to the node.js minimist module (CVE-2022-44906). A mitigation has been provided for IBM Integration Bus. The latest fix packs for IBM App Connect Enterprise include minimist 1.2.6.

Vulnerability Details
CVEID: CVE-2021-44906
DESCRIPTION: Node.js Minimist module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in setKey() function in the index.js script. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222195 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Remediation/Fixes
IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise

Product(s) Version(s) APAR Remediation / Fix
IBM Integration Bus see section Workarounds and Mitigations

Workarounds and Mitigations
IBM strongly recommends addressing the […]
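The class of bug the description names, as an added illustration that is not part of the advisory and is not minimist's source code: a nested-key setter that follows a `__proto__` path segment and so writes onto Object.prototype, shown next to a guarded version. The names setKeyUnsafe, setKeySafe and demo are hypothetical, and the input keys are constructed.

```javascript
// Added illustration: a simplified nested-key setter, NOT minimist's code.
// All function names here are hypothetical.

// Unsafe: walks the key path and trusts every segment name.
// A path starting with "__proto__" resolves to Object.prototype,
// so the final assignment lands on the prototype shared by all objects.
function setKeyUnsafe(obj, keys, value) {
  let o = obj;
  for (const key of keys.slice(0, -1)) {
    if (typeof o[key] !== 'object' || o[key] === null) o[key] = {};
    o = o[key];
  }
  o[keys[keys.length - 1]] = value;
}

// Guarded: refuse path segments that reach the prototype chain, and only
// descend into properties the object itself owns.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
function setKeySafe(obj, keys, value) {
  if (keys.some((k) => BLOCKED.has(k))) return false;
  let o = obj;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(o, key);
    if (!own || typeof o[key] !== 'object' || o[key] === null) o[key] = {};
    o = o[key];
  }
  o[keys[keys.length - 1]] = value;
  return true;
}

// Runs both setters on the same constructed key path and reports the effect
// on a fresh, unrelated object.
function demo() {
  const path = ['__proto__', 'polluted']; // constructed sample input
  setKeyUnsafe({}, path, true);
  const unsafeLeaked = ({}).polluted === true; // unrelated object affected
  delete Object.prototype.polluted;            // restore a clean prototype

  const accepted = setKeySafe({}, path, true);
  const safeLeaked = 'polluted' in {};

  const target = {};
  setKeySafe(target, ['a', 'b'], 1);           // ordinary nesting still works
  return { unsafeLeaked, accepted, safeLeaked, nested: target.a.b };
}

console.log(demo());
```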
Arbitrary code execution due to the node.js minimist module isn’t the only security and/or compliance concern for your Enterprise Messaging security. When assessing vulnerability risks you need to include an Inside-Out approach. Infrared360 can help you mitigate inside-out IBM Integration Bus vulnerabilities, ACE vulnerabilities, and all your middleware inside-out vulnerabilities – while giving your middleware team smarter, easier tools for optimizing performance and meeting SLAs. Check out the information below or our Infrared360 overview.
Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka®, IBM MQ™, IBM IIB™, TIBCO EMS™, WebSphere™, JBoss™, & Apache™, URLs, and SOAP & REST-based web services.