Lucene search

IBMBED3C2891A360684D57CFF5A61FB220C4A3CFF00525A83C46DFF1D05161A4239

HistoryMay 10, 2024 - 3:49 p.m.

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service (CVE-2024-28760)

2024-05-1015:49:23

www.ibm.com

ibm app connect enterprise

vulnerability

denial of service

cve-2024-28760

improper restrictions

resource allocation

fix

it45957

version 12.0.1.0

12.0.12.0

11.0.0.1

11.0.0.25

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

Summary

IBM App Connect Enterprise Dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. This bulletin identifies the steps to take to address the vulnerability

Vulnerability Details

CVEID:CVE-2024-28760
**DESCRIPTION:**IBM App Connect Enterprise dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285244 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM App Connect Enterprise	12.0.1.0 - 12.0.12.0
IBM App Connect Enterprise	11.0.0.1 - 11.0.0.25

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise

Affected Product(s)

Version(s)

| APAR|

Remediation / Fixes

—|—|—|—
IBM App Connect Enterprise| 12.0.1.0 - 12.0.12.0|

IT45957

The APAR (IT45957) is available from

IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.1

IBM App Connect Enterprise| 11.0.0.1 - 11.0.0.25|

IT45957

The APAR (IT45957) is available from

IBM App Connect Enterprise v11- Fix Pack Release 11.0.0.26

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmapp_connect_enterpriseRange12.0.1.0≥

ibmapp_connect_enterpriseRange≤12.0.12.0

ibmapp_connect_enterpriseRange11.0.0.1≥

ibmapp_connect_enterpriseRange≤11.0.0.25

CPENameOperatorVersion
ibm app connect enterprisege12.0.1.0
ibm app connect enterprisele12.0.12.0
ibm app connect enterprisege11.0.0.1
ibm app connect enterprisele11.0.0.25

Name	Operator	Version
ibm app connect enterprise	ge	12.0.1.0
ibm app connect enterprise	le	12.0.12.0
ibm app connect enterprise	ge	11.0.0.1
ibm app connect enterprise	le	11.0.0.25

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

Related for BED3C2891A360684D57CFF5A61FB220C4A3CFF00525A83C46DFF1D05161A4239