Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN203

_____________________________________________________________________

DATE                : 04/04/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running IBM App Connect Enterprise
                versions 13.0.1.0 - 13.0.2.2, 12.0.1.0 - 12.0.12.11.

=====================================================================
https://www.ibm.com/support/pages/node/7229584
_____________________________________________________________________


Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote
Code Execution and improper preservation of permissions due to
jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791)
Security Bulletin


Summary

IBM App Connect Enterprise runtime, IBM App Connect Enterprise
Discovery Connectors and IBM App Connect Enterprise Connector
Discovery and OpenAPI Editor are vulnerable to Remote Code Execution
(RCE) and improper preservation of permissions due to jsonpath-plus
& snowflake-sdk.


Vulnerability Details


CVEID:   CVE-2025-1302
DESCRIPTION:   Versions of the package jsonpath-plus before 10.3.0
are vulnerable to Remote Code Execution (RCE) due to improper input
sanitization. An attacker can execute aribitrary code on the system
by exploiting the unsafe default usage of eval='safe' mode.
**Note:** This is caused by an incomplete fix for [CVE-2024-21534]
(https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).
CWE:   CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source:   report@snyk.io
CVSS Base score:   9.8
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


CVEID:   CVE-2025-24791
DESCRIPTION:   snowflake-connector-nodejs is a NodeJS driver for
Snowflake. Snowflake discovered and remediated a vulnerability in
the Snowflake NodeJS Driver. File permissions checks of the
temporary credential cache could be bypassed by an attacker with
write access to the local cache directory. This vulnerability
affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed
the issue in version 2.0.2.
CWE:   CWE-281: Improper Preservation of Permissions
CVSS Source:   security-advisories@github.com
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)


Affected Products and Versions

Affected Product(s)	Version(s)
IBM App Connect Enterprise	13.0.1.0 - 13.0.2.2
IBM App Connect Enterprise	12.0.1.0 - 12.0.12.11


Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities
now by applying the appropriate fix to IBM App Connect Enterprise

Affected Product(s)
	

Version(s)                      APAR    Remediation / Fixes

IBM App Connect Enterprise    	13.0.1.0 - 13.0.2.2	IT47820	
The APAR (IT47820) is available from
IBM App Connect Enterprise v13- Fix Pack Release 13.0.3.0

IBM App Connect Enterprise    	12.0.1.0 - 12.0.12.11	IT47820	
The APAR (IT47820) is available from
IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.12



Workarounds and Mitigations
None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product
support alerts like this.


References

Complete CVSS v3 Guide
On-line Calculator v3


Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


Acknowledgement

Change History

31 Mar 2025: Initial Publication

*The CVSS Environment Score is customer environment specific and
will ultimately impact the Overall CVSS Score. Customers can
evaluate the impact of this vulnerability in their environments
by accessing the links in the Reference section of this Security
Bulletin.


Disclaimer

According to the Forum of Incident Response and Security Teams
(FIRST), the Common Vulnerability Scoring System (CVSS) is an
"industry open standard designed to convey vulnerability severity
and help to determine urgency and priority of response." IBM
PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND,
INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING
THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In
addition to other efforts to address potential vulnerabilities,
IBM periodically updates the record of components contained in our
product offerings. As part of that effort, if IBM identifies
previously unidentified packages in a product/service inventory,
we address relevant vulnerabilities regardless of CVE date.
Inclusion of an older CVEID does not demonstrate that the
referenced product has been used by IBM since that date, nor
that IBM was aware of a vulnerability as of that date. We are
making clients aware of relevant vulnerabilities as we become
aware of them. "Affected Products and Versions" referenced in IBM
Security Bulletins are intended to be only products and versions
that are supported by IBM and have not passed their end-of-support
or warranty date. Thus, failure to reference unsupported or
extended-support products and versions in this Security Bulletin
does not constitute a determination by IBM that they are
unaffected by the vulnerability. Reference to one or more
unsupported versions in this Security Bulletin shall not create
an obligation for IBM to provide fixes for any unsupported or
extended-support products or versions.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================