History: Oct 02, 2023 - 4:54 p.m.

Security Bulletin: The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729)

2023-10-02 16:54:27
Source: www.ibm.com

Tags: ibm, app connect enterprise, integration bus, server-side request forgery, apache batik, cve-2022-44730, cve-2022-44729, vulnerability, svg file, ssrf attack, security bulletin, it44174, fix central

CVSS3: 7.1 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS: 0.001 Low (Percentile 49.8%)

Summary

The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable to a server-side request forgery due to Apache Batik (CVE-2022-44730, CVE-2022-44729).

Vulnerability Details

CVEID: CVE-2022-44730
DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open a specially crafted SVG file, an attacker could exploit this vulnerability to conduct an SSRF attack to probe user profile/data and send it directly as a parameter to a URL.
CVSS Base score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/264130 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-44729
DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open a specially crafted SVG file, an attacker could exploit this vulnerability to conduct an SSRF attack to cause resource consumption and obtain sensitive information.
CVSS Base score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/264129 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
IBM App Connect Enterprise | 12.0.1.0 - 12.0.9.0
IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.22
IBM Integration Bus | 10.1 - 10.1.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus.

Affected Product(s) | Version(s) | APAR | Remediation / Fixes
IBM App Connect Enterprise Toolkit | 12.0.1.0 - 12.0.9.0 | IT44174 | The APAR (IT44174) is available from IBM App Connect Enterprise v12 - Fix Pack 12.0.10.0
IBM App Connect Enterprise Toolkit | 11.0.0.1 - 11.0.0.22 | IT44174 | The APAR (IT44174) is available from IBM App Connect Enterprise v11 - Fix Pack 11.0.0.23
IBM Integration Bus Toolkit | 10.1 - 10.1.0.1 | IT44174 | Interim fix for APAR (IT44174) is available to apply to 10.1.0.1 from IBM Fix Central

Workarounds and Mitigations

None
