
CVE-2024-52362 – IBM App Connect Enterprise Certified Container denial of service
https://notcve.org/view.php?id=CVE-2024-52362
12 Mar 2025 — IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. • https://www.ibm.com/support/pages/node/7185527 • CWE-1286: Improper Validation of Syntactic Correctness of Input •

CVE-2022-43916 – IBM App Connect Enterprise Certified Container improper communications restriction
https://notcve.org/view.php?id=CVE-2022-43916
30 Jan 2025 — IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure. • https://www.ibm.com/support/pages/node/7181916 • CWE-862: Missing Authorization • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •

CVE-2022-22491 – IBM App Connect Enterprise Certified Container denial of service
https://notcve.org/view.php?id=CVE-2022-22491
09 Jan 2025 — IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. • https://www.ibm.com/support/pages/node/7180500 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-51465 – IBM App Connect Enterprise Certified Container command execution
https://notcve.org/view.php?id=CVE-2024-51465
04 Dec 2024 — IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. • https://www.ibm.com/support/pages/node/7177814 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-43915 – IBM App Connect Enterprise Certified Container
https://notcve.org/view.php?id=CVE-2022-43915
24 Aug 2024 — IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges. • https://www.ibm.com/support/pages/node/7166463 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2022-43874 – IBM App Connect Enterprise Certified Container
https://notcve.org/view.php?id=CVE-2022-43874
15 Mar 2023 — IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-42439 – IBM App Connect Enterprise information disclosure
https://notcve.org/view.php?id=CVE-2022-42439
06 Feb 2023 — IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2022-43922 – IBM App Connect Enterprise Certified Container information disclosure
https://notcve.org/view.php?id=CVE-2022-43922
01 Feb 2023 — IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241583 • CWE-326: Inadequate Encryption Strength • CWE-328: Use of Weak Hash •

CVE-2022-31770
https://notcve.org/view.php?id=CVE-2022-31770
05 Jul 2022 — IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. • https://exchange.xforce.ibmcloud.com/vulnerabilities/228221 •

CVE-2022-22404
https://notcve.org/view.php?id=CVE-2022-22404
01 Apr 2022 — IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222575 • CWE-770: Allocation of Resources Without Limits or Throttling •