The vulnerability of the Access Token Handler component in the software integration control panel for IBM App Connect Enterprise allows a malicious actor to obtain confidential calendar information using an access token with an expired validity period.

🗓️ 01 Aug 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Token Handler flaw in App Connect Enterprise exposes calendar data via expired tokens.

Reporter	Title	Published	Views	Family All 12
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to an authenticated user accessing sensitive information [CVE-2024-31893 CVE-2024-31894 CVE-2024-31895]	5 Jun 202414:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to an authenticated user accessing sensitive information (CVE-2024-31893, CVE-2024-31894 & CVE-2024-31895)	22 May 202404:16	–	ibm
CNNVD	IBM App Connect Enterprise 安全漏洞	22 May 202400:00	–	cnnvd
CNVD	Unspecified Vulnerability in IBM App Connect Enterprise (CNVD-2024-24718)	27 May 202400:00	–	cnvd
CVE	CVE-2024-31893	22 May 202419:04	–	cve
Cvelist	CVE-2024-31893 IBM App Connect Enterprise information disclosure	22 May 202419:04	–	cvelist
EUVD	EUVD-2024-29751	3 Oct 202520:07	–	euvd
NVD	CVE-2024-31893	22 May 202419:15	–	nvd
OSV	CVE-2024-31893	22 May 202419:15	–	osv
Positive Technologies	PT-2024-5321 · Ibm · Ibm App Connect Enterprise	22 May 202400:00	–	ptsecurity

Vulners

Node

ibm ibm_app_connect_enterpriseRange12.0.1.0–12.0.12.1

Source	Link
ibm	www.ibm.com/support/pages/node/7154606
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/288174
vuldb	www.vuldb.com/ru/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024060630
web	www.web.nvd.nist.gov/view/vuln/detail

01 Aug 2024 00:00Current

CVSS 24

CVSS 34.3

EPSS0.00107

access token token handler calendar data expired tokens authentication weakness app connect enterprise