CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Mar 2025 — IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. • https://www.ibm.com/support/pages/node/7185527 • CWE-1286: Improper Validation of Syntactic Correctness of Input

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Feb 2025 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories. • https://www.ibm.com/support/pages/node/7182418 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jan 2025 — IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure. • https://www.ibm.com/support/pages/node/7181916 • CWE-862: Missing Authorization • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CVSS: 4.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jan 2025 — IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials. • https://www.ibm.com/support/pages/node/7175396 • CWE-1323: Improper Management of Sensitive Trace Data

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Jan 2025 — IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. • https://www.ibm.com/support/pages/node/7180500 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Dec 2024 — IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. • https://www.ibm.com/support/pages/node/7177814 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Aug 2024 — IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges. • https://www.ibm.com/support/pages/node/7166463 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288175 • CWE-324: Use of a Key Past its Expiration Date

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288176 • CWE-324: Use of a Key Past its Expiration Date

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2024 — IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288174 • CWE-324: Use of a Key Past its Expiration Date