CVE-2023-40682

2023-10-1316:15:11

CWE-532

[email protected]

web.nvd.nist.gov

ibm

app connect enterprise

cve-2023-40682

x-force

vulnerability

api logs

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.

Affected configurations

Vulners

NVD

Node

ibmapp_connect_enterpriseRange12.0.1.0–12.0.8.0

VendorProductVersionCPE
ibmapp_connect_enterprise*cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	app_connect_enterprise	*	cpe:2.3:a:ibm:app_connect_enterprise::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "App Connect Enterprise",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "12.0.8.0",
        "status": "affected",
        "version": "12.0.1.0",
        "versionType": "semver"
      }
    ]
  }
]