Note:
This project will be discontinued after December 13, 2021. [more]
Product:
App_connect_enterprise
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-03-26 | CVE-2024-22356 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. | App_connect_enterprise, Integration_bus | 4.9 | ||
| 2024-05-22 | CVE-2024-31894 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. | App_connect_enterprise | 4.3 | ||
| 2024-05-22 | CVE-2024-31895 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. | App_connect_enterprise | 6.5 | ||
| 2024-05-14 | CVE-2024-28760 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244. | App_connect_enterprise | 4.3 | ||
| 2024-05-14 | CVE-2024-28761 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245. | App_connect_enterprise | 5.4 | ||
| 2024-05-22 | CVE-2024-31893 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. | App_connect_enterprise | 4.3 | ||
| 2024-05-22 | CVE-2024-31904 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. | App_connect_enterprise | 6.5 | ||
| 2023-02-06 | CVE-2022-42439 | IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. | App_connect_enterprise, App_connect_enterprise_certified_container | 4.9 | ||
| 2023-02-12 | CVE-2022-42444 | IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538. | App_connect_enterprise | 6.5 | ||
| 2023-10-13 | CVE-2023-40682 | IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. | App_connect_enterprise | 4.4 |