CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28761 – IBM App Connect Enterprise HTML injection
https://notcve.org/view.php?id=CVE-2024-28761
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.25 y 12.0.1.0 a 12.0.12.0 es vulnerable a la inyección de HTML. Un atacante remoto podría inyectar código HTML malicioso que, una vez visto, se ejecutaría en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamiento. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285245 https://www.ibm.com/support/pages/node/7150847 •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22356 – IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
https://notcve.org/view.php?id=CVE-2024-22356
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.23, 12.0.1.0 a 12.0.9.0 e IBM Integration Bus para z/OS 10.1 a 10.1.0.2 almacenan información potencialmente confidencial en archivos de registro o rastreo que un usuario privilegiado podría leer. ID de IBM X-Force: 280893. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280893 https://www.ibm.com/support/pages/node/7145144 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22317 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-22317
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.24 y 12.0.1.0 a 12.0.11.0 podría permitir a un atacante remoto obtener información confidencial o provocar una denegación de servicio debido a una restricción inadecuada de intentos de autenticación excesivos. ID de IBM X-Force: 279143. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279143 https://www.ibm.com/support/pages/node/7108661 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45176 – IBM App Connect Enterprise and IBM Integration Bus denial of service
https://notcve.org/view.php?id=CVE-2023-45176
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. IBM App Connect Enterprise 11.0.0.1 a 11.0.0.23, 12.0.1.0 a 12.0.10.0 e IBM Integration Bus 10.1 a 10.1.0.1 son vulnerables a una Denegación de Servicio (DoS) para los nodos de integración en Windows. ID de IBM X-Force: 247998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267998 https://www.ibm.com/support/pages/node/7051448 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40682 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2023-40682
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. IBM App Connect Enterprise versiones 12.0.1.0 a la 12.0.8.0 contiene una vulnerabilidad no especificada que podría permitir a un usuario local privilegiado obtener información confidencial de los registros de API. ID de IBM X-Force: 263833. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263833 https://www.ibm.com/support/pages/node/7051204 • CWE-532: Insertion of Sensitive Information into Log File •