CVE-2022-22491

5.5 MEDIUM

📋 TL;DR

This vulnerability in IBM App Connect Enterprise Certified Container allows attackers to write unlimited data to the local filesystem, potentially exhausting storage and causing Pod restarts in Red Hat OpenShift environments. It affects multiple versions of IBM App Connect Enterprise running in OpenShift containers. The issue stems from insufficient filesystem write restrictions.

💻 Affected Systems

Products:
  • IBM App Connect Enterprise Certified Container
Versions: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4
Operating Systems: Red Hat OpenShift
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects containers running in Red Hat OpenShift environments. Requires write access to the container filesystem.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete storage exhaustion leading to Pod crashes, service disruption, and potential denial of service affecting application availability.

🟠

Likely Case

Storage consumption causing Pod restarts and intermittent service disruptions in affected containers.

🟢

If Mitigated

Minimal impact with proper resource limits and monitoring in place to detect abnormal storage usage.

🌐 Internet-Facing: MEDIUM - While exploitation requires access to the container, internet-facing instances could be targeted if other vulnerabilities provide initial access.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires write access to the container filesystem. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes as specified in IBM Security Bulletin

Vendor Advisory: https://www.ibm.com/support/pages/node/7180500

Restart Required: Yes

Instructions:

1. Review IBM Security Bulletin for specific patch versions.
2. Update IBM App Connect Enterprise Certified Container to patched version.
3. Restart affected Pods.
4. Verify storage restrictions are properly enforced.

🔧 Temporary Workarounds

Implement Storage Resource Limits

linux

Configure OpenShift resource limits to restrict ephemeral storage usage per container

oc set resources deployment/<deployment-name> --limits=ephemeral-storage=10Gi

Implement ReadOnlyRootFilesystem

all

Configure containers to run with read-only root filesystem where possible

securityContext:
  readOnlyRootFilesystem: true
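
An added example (not from the IBM bulletin or this page's source): a Python check that reads `oc get pods -o json` output and lists containers missing the two workarounds above. The pod names and namespace in the sample are constructed, and the emptyDir `sizeLimit` check is an extra assumption beyond the workarounds listed here.

```python
import json

# Constructed sample of `oc get pods -o json` output (not from a real cluster).
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "ace", "name": "ace-is-hardened"},
   "spec": {"containers": [
     {"name": "runtime",
      "resources": {"limits": {"ephemeral-storage": "2Gi"}},
      "securityContext": {"readOnlyRootFilesystem": true}}],
    "volumes": [{"name": "work", "emptyDir": {"sizeLimit": "1Gi"}}]}},
  {"metadata": {"namespace": "ace", "name": "ace-is-default"},
   "spec": {"containers": [
     {"name": "runtime", "resources": {"limits": {"memory": "1Gi"}}},
     {"name": "sidecar",
      "resources": {"limits": {"ephemeral-storage": "500Mi"}}}],
    "volumes": [{"name": "scratch", "emptyDir": {}}]}}
]}
""")


def audit_pods(pod_list):
    """Return (namespace/pod, location, finding) tuples for unbounded local writes."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name", "?")}'
        # initContainers write to the same node-local storage, so check them too.
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            limits = (c.get("resources") or {}).get("limits") or {}
            if "ephemeral-storage" not in limits:
                findings.append((ref, c["name"], "no ephemeral-storage limit"))
            sc = c.get("securityContext") or {}
            if sc.get("readOnlyRootFilesystem") is not True:
                findings.append((ref, c["name"], "root filesystem is writable"))
        # A disk-backed emptyDir without sizeLimit is still writable scratch space.
        for v in spec.get("volumes", []):
            ed = v.get("emptyDir")
            if ed is not None and ed.get("medium") != "Memory" and "sizeLimit" not in ed:
                findings.append((ref, f'volume:{v["name"]}', "emptyDir without sizeLimit"))
    return findings


if __name__ == "__main__":
    for ref, where, issue in audit_pods(SAMPLE_PODS):
        print(f"{ref}\t{where}\t{issue}")
```

Against a live cluster, pass the parsed output of `oc get pods -A -o json` to `audit_pods` instead of the constructed sample.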

🧯 If You Can't Patch

  • Implement strict storage quotas and monitoring for abnormal write patterns
  • Isolate vulnerable containers in separate namespaces with network policies

🔍 How to Verify

Check if Vulnerable:

Check the IBM App Connect Enterprise Certified Container version and confirm whether it falls within the affected version range on OpenShift

Check Version:

oc get pods -o jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' | grep app-connect

Verify Fix Applied:

Verify updated version and test write restrictions to local filesystem

📡 Detection & Monitoring

Log Indicators:

  • Rapid storage consumption alerts
  • Pod restart events due to storage pressure
  • Abnormal write operations in container logs

Network Indicators:

  • Unusual outbound traffic patterns if combined with data exfiltration

SIEM Query:

source="openshift" AND ("storage full" OR "pod restart" OR "out of disk")
