CVE-2024-31904 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-31904
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/289647 https://www.ibm.com/support/pages/node/7154607
• CWE-248: Uncaught Exception
CVE-2024-28760 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-28760
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/285244 https://www.ibm.com/support/pages/node/7150845
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-28761 – IBM App Connect Enterprise HTML injection
https://notcve.org/view.php?id=CVE-2024-28761
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/285245 https://www.ibm.com/support/pages/node/7150847
CVE-2024-22356 – IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
https://notcve.org/view.php?id=CVE-2024-22356
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/280893 https://www.ibm.com/support/pages/node/7145144
• CWE-117: Improper Output Neutralization for Logs
CVE-2024-22317 – IBM App Connect Enterprise denial of service
https://notcve.org/view.php?id=CVE-2024-22317
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/279143 https://www.ibm.com/support/pages/node/7108661
• CWE-307: Improper Restriction of Excessive Authentication Attempts