16 matches found
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') due to Lodash (CVE-2025-13465)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' due to Lodash. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash...
CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174...
CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174...
IBM App Connect Enterprise Security Vulnerability
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...
CVE-2024-28760
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244...
CVE-2024-28760
CVE-2024-28760 affects IBM App Connect Enterprise dashboard. Affected versions: 11.0.0.1–11.0.0.25 and 12.0.1.0–12.0.12.0. Root cause: improper restrictions of resource allocation in the Dashboard component, leading to a denial of service. Practical impact: DoS, with CVSS base score 4.3 (Network ...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service (CVE-2024-28760)
Summary IBM App Connect Enterprise Dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28760 DESCRIPTION: IBM App Connect Enterprise dashboa...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to the node.js module follow-redirects and Express.js (CVE-2024-28849, CVE-2024-29041)
Summary IBM App Connect Enterprise is vulnerable to a remote attack due to node.js module follow-redirects and Express.js. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow...
PT-2024-5320 · Ibm · Ibm App Connect Enterprise
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.25 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.0 Description: The issue exists due to inadequate protection of the web page structure in the Dashboard component of I...
Security Bulletin: IBM App Connect Enterprise is vulnerable to cross-site request forgery due to Axios (CVE-2023-45857)
Summary IBM App Connect Enterprise is vulnerable to a cross-site request forgery due to Axios. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to the electron module (CVE-2023-45143)
Summary IBM App Connect Enterprise is vulnerable to allowing a remote authenticated attacker to obtain sensitive information, due to the electron module. Electron is used for Discovery Connectors in IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerabilit...
Design/Logic Flaw
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a potential information disclosure
Summary IBM App Connect Enterprise contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs CVE-2023-40682. Vulnerability Details CVEID:CVE-2023-40682 DESCRIPTION: IBM App Connect Enterprise contains an unspecified vulnerability...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to Node.js (CVE-2023-23920)
Summary IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to Node.js CVE-2023-23920. The fix includes Node.js 14.21.3. Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused b...
IBM App Connect Enterprise Security Vulnerability
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom [CVE-2022-39353]
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom. CVE-2022-39353 The resolving fix includes xmldom 0.8.5 and 0.8.6. Vulnerability Details CVEID:CVE-2022-39353 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security...