CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49338 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2024-49338
18 Jan 2025 — IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials. • https://www.ibm.com/support/pages/node/7175396 • CWE-1323: Improper Management of Sensitive Trace Data •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31894 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2024-31894
22 May 2024 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. IBM App Connect Enterprise 12.0.1.0 a 12.0.12.1 podría permitir que un usuario autenticado obtenga información confidencial del usuario utilizando un token de acceso caducado. ID de IBM X-Force: 288175. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288175 • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31895 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2024-31895
22 May 2024 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. IBM App Connect Enterprise 12.0.1.0 a 12.0.12.1 podría permitir que un usuario autenticado obtenga información confidencial del usuario utilizando un token de acceso caducado. ID de IBM X-Force: 288176. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288176 • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31893 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2024-31893
22 May 2024 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. IBM App Connect Enterprise 12.0.1.0 a 12.0.12.1 podría permitir que un usuario autenticado obtenga información confidencial del calendario utilizando un token de acceso caducado. ID de IBM X-Force: 288174.v • https://exchange.xforce.ibmcloud.com/vulnerabilities/288174 • CWE-324: Use of a Key Past its Expiration Date •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31904 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-31904
22 May 2024 — IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. Los nodos de integración de IBM App Connect Enterprise 11.0.0.1 a 11.0.0.25 y 12.0.1.0 a 12.0.12.0 podrían permitir que un usuario autenticado provoque una denegación de servicio debido a una excepción no detectada. ID de IBM X-Force: 289647. • https://exchange.xforce.ibmcloud.com/vulnerabilities/289647 • CWE-248: Uncaught Exception •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28760 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-28760
11 May 2024 — IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244. El panel de IBM App Connect Enterprise 11.0.0.1 a 11.0.0.25 y 12.0.1.0 a 12.0.12.0 es vulnerable a una denegación de servicio debido a restricciones inadecuadas de asignación de recursos. ID de IBM X-Force: 285244. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285244 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28761 – IBM App Connect Enterprise HTML injection
https://notcve.org/view.php?id=CVE-2024-28761
11 May 2024 — IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.25 y 12.0.1.0 a 12.0.12.0 es vulnerable a la inyección de HTML. Un atacante remoto podría inyectar código HTML malicioso que, una vez visto, se ejecutaría en e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/285245 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22356 – IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
https://notcve.org/view.php?id=CVE-2024-22356
26 Mar 2024 — IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.23, 12.0.1.0 a 12.0.9.0 e IBM Integration Bus para z/OS 10.1 a 10.1.0.2 almacenan información potencialmente confidencial en archivos de registro o rastreo que un usuario privilegiado podría leer. ID de IB... • https://exchange.xforce.ibmcloud.com/vulnerabilities/280893 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22317 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-22317
18 Jan 2024 — IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.24 y 12.0.1.0 a 12.0.11.0 podría permitir a un atacante remoto obtener información confidencial o provocar una denegación de servicio debido a una restricción inadecuada de intentos de autenticación ex... • https://exchange.xforce.ibmcloud.com/vulnerabilities/279143 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45176 – IBM App Connect Enterprise and IBM Integration Bus denial of service
https://notcve.org/view.php?id=CVE-2023-45176
14 Oct 2023 — IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.23, 12.0.1.0 a 12.0.10.0 e IBM Integration Bus 10.1 a 10.1.0.1 son vulnerables a una Denegación de Servicio (DoS) para los nodos de integración en Windows. ID de IBM X-Force: 247998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267998 • CWE-20: Improper Input Validation •