SB2022120216 - IBM App Connect Enterprise Certified Container update for e2fsprogs
Published: December 2, 2022 Updated: February 3, 2023
Security Bulletin ID
SB2022120216
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2022-1304)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-arbitrary-code-execution-due-to-cve-2022-1304/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-arbitrary-code-execution-due-to-cve-2022-1304/</a></p><p>
- https://www.ibm.com/support/pages/node/6843909</p><p><br></p>