
CVE-2022-43916

Severity: Medium
Published: 30 January 2025
Modified: 13 August 2025
KEV Added: not listed
Patch: see the IBM advisory referenced below
CVSS Score (v3.1): 6.8, vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score: 0.0008 (23.2nd percentile)
Risk Priority: 14 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-43916 is a medium-severity Improper Restriction of Communication Channel to Intended Endpoints (CWE-923) vulnerability in IBM App Connect Enterprise Certified Container. Its CVSS base score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exfiltration Over C2 Channel (T1041). EPSS ranks it at the 23.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2022-43916 is a vulnerability in IBM App Connect Enterprise Certified Container versions 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7, where Pods used for internal infrastructure do not restrict network egress. This issue is classified under CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints) and carries a CVSS v3.1 base score of 6.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).

The vulnerability can be exploited by a low-privileged user (PR:L) over the network (AV:N); it requires high attack complexity (AC:H) but no user interaction (UI:N). Successful exploitation has a high impact on confidentiality and integrity (C:H/I:H) with no availability impact (A:N), and the security scope is unchanged (S:U).

IBM provides mitigation guidance in its security advisory at https://www.ibm.com/support/pages/node/7181916.


Vulnerability details

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.

CWE(s): CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

- T1041 Exfiltration Over C2 Channel (tactic: Exfiltration): Adversaries may steal data by exfiltrating it over an existing command and control channel.
- T1071 Application Layer Protocol (tactic: Command and Control): Adversaries may communicate using OSI application layer protocols to avoid detection and network filtering by blending in with existing traffic.
Why these techniques?

Unrestricted pod egress directly enables outbound C2 communication (T1071) and data exfiltration over C2 channels (T1041) by removing network controls that would otherwise block or limit adversary traffic.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-61939: shared CWE-923
- CVE-2026-34205: shared CWE-923
- CVE-2026-35092: same product (Red Hat OpenShift)
- CVE-2026-23664: shared CWE-923
- CVE-2026-35091: same product (Red Hat OpenShift)
- CVE-2026-28368: same vendor (Red Hat)
- CVE-2025-3356: same vendor (IBM)
- CVE-2026-3260: same vendor (Red Hat)
- CVE-2025-0162: same vendor (IBM)
- CVE-2023-38013: same vendor (IBM)

Affected Assets

Vendor: IBM
Product: App Connect Enterprise Certified Container
Versions: 7.1 through 12.8

Mitigating Controls (NIST 800-53 r5, AI)

- AC-4 Information Flow Enforcement (prevent): Enforces organization-defined information flow control policies to restrict communications to intended endpoints, directly preventing unauthorized network egress from internal infrastructure pods.
- SC-7 Boundary Protection (prevent): Monitors and controls communications at external boundaries and key internal interfaces, mitigating unrestricted egress traffic from pods through enforced network segmentation.
- CM-7 Least Functionality (prevent): Limits systems to least functionality by configuring internal infrastructure pods to disable or restrict unnecessary outbound network capabilities.
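As an added illustration of how the egress restriction described by these controls is expressed in Kubernetes (example configuration written for this page, not from IBM's advisory or the App Connect Enterprise product): a default-deny egress NetworkPolicy for every pod in a namespace, followed by a second policy that re-opens only DNS and one intended endpoint. The namespace name `ace-internal`, the pod label, and the endpoint address `10.20.30.40/32` are assumed placeholders.

```yaml
# Added example: default-deny egress for internal infrastructure pods,
# then allow only DNS and one intended endpoint.
# Namespace, labels and CIDR are assumed placeholders, not values from the advisory.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: ace-internal            # assumed namespace
spec:
  podSelector: {}                    # selects every pod in the namespace
  policyTypes:
  - Egress
  # No egress rules listed: all outbound traffic from selected pods is denied.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-and-intended-endpoint
  namespace: ace-internal            # assumed namespace
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: internal-infra   # assumed label
  policyTypes:
  - Egress
  egress:
  # Rule 1: DNS to the cluster resolver (kube-dns label is the upstream default)
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # Rule 2: the single intended endpoint (assumed address and port)
  - to:
    - ipBlock:
        cidr: 10.20.30.40/32
    ports:
    - protocol: TCP
      port: 443
```

NetworkPolicy rules are additive, so the deny policy establishes the baseline and each allow policy widens it only for the pods it selects; enforcement also depends on a CNI plugin that implements NetworkPolicy, which should be confirmed before relying on this. On OpenShift the cluster resolver runs in the `openshift-dns` namespace rather than `kube-system`, so the DNS selector in rule 1 must be adjusted there. After applying, `kubectl describe networkpolicy -n ace-internal` shows the effective selectors and rules, and a connectivity test from a selected pod to an unlisted address should fail.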
