Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2804FD91CEA9E1760E582731383FF9BC8BA695765B3CFB7D7B6A99F51A782A94
HistoryJan 17, 2024 - 11:29 a.m.

Security Bulletin: IBM App Connect Enterprise is vulnerable to an information disclosure and a denial of service. (CVE-2024-22317)

2024-01-1711:29:25
www.ibm.com
22
ibm app connect enterprise
information disclosure
denial of service
vulnerability
remote administration api
brute force
cvss base score 9.1
improper restriction
authentication attempts
affected products
versions
fix pack
interim fix
security bulletin

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

38.0%

JSON

Summary

The remote administration API in IBM App Connect Enterprise is vulnerable to an information disclosure and denial of service vulnerability due to improper Brute Force protection. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2024-22317
**DESCRIPTION:**IBM App Connect Enterprise could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279143 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM App Connect Enterprise 12.0.1.0 - 12.0.11.0
IBM App Connect Enterprise 11.0.0.1 - 11.0.0.24

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise

Affected Product(s)

|

Version(s)

|

APAR

|

Remediation / Fixes

—|—|—|—

IBM App Connect Enterprise

|

12.0.1.0 - 12.0.11.0

|

IT45109

|

The APAR (IT45109) is available from

IBM App Connect Enterprise v12 - Security Fix Pack Release 12.0.11.1

IBM App Connect Enterprise

|

11.0.0.1 - 11.0.0.24

|

IT45109

|

Interim Fix for APAR (IT45109) is available to apply to 11.0.0.24 from

IBM Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmapp_connect_enterpriseRange12.0.1.0
OR
ibmapp_connect_enterpriseRange12.0.11.0
OR
ibmapp_connect_enterpriseRange11.0.0.1
OR
ibmapp_connect_enterpriseRange11.0.0.24

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2024-01-18 14:15:00
cve
cve
CVE-2024-22317
2024-01-18 14:15:07
cvelist
cvelist
CVE-2024-22317 IBM App Connect Enterprise denial of service
2024-01-18 13:16:34
nvd
nvd
CVE-2024-22317
2024-01-18 14:15:07

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

38.0%

JSON
Related for 2804FD91CEA9E1760E582731383FF9BC8BA695765B3CFB7D7B6A99F51A782A94
prion1cve1cvelist1nvd1