CVE-2021-29759

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-29759

CWE

https://cwe.mitre.org/data/definitions/532.html

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
App_connect_enterprise_certified_container	Ibm	1.0.0 (including)	1.0.0 (including)
App_connect_enterprise_certified_container	Ibm	1.0.1 (including)	1.0.1 (including)
App_connect_enterprise_certified_container	Ibm	1.1.0 (including)	1.1.0 (including)
App_connect_enterprise_certified_container	Ibm	1.2.0 (including)	1.2.0 (including)
App_connect_enterprise_certified_container	Ibm	1.3.0 (including)	1.3.0 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/202212
https://www.ibm.com/support/pages/node/6469449
https://exchange.xforce.ibmcloud.com/vulnerabilities/202212
https://www.ibm.com/support/pages/node/6469449

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References