IBM App Connect Enterprise Certified Container
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:*:*:*:*:*:*:*
- 7.1
- 7.2
- 8.0
- 8.1
- 8.2
- 9.0
- 9.1
- 9.2
- 10.0
- 10.1
- 11.0
- 11.1
- 11.2
- 11.3
- 11.4
- 11.5
- 11.6
- 12.0
- 12.1
- 12.2
- 12.3
- 12.4
A denial-of-service vulnerability has been identified in IBM App Connect Enterprise Certified Container versions 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4. The vulnerability arises because the application does not properly restrict writing to the local filesystem when running in Red Hat OpenShift. As a result, writes to the local filesystem may exhaust the available storage in a Pod, causing the Pod to be restarted.
Exhaustion of available storage in a Pod, leading to the Pod being restarted.
Users are advised to upgrade to App Connect Enterprise Certified Container Operator version 12.5.1 or higher for the Continuous Delivery release, and version 12.0.5 or higher for the Long Term Support release. Documentation on the upgrade process is available on the IBM App Connect documentation site.