24 matches found
CVE-2025-13723 IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...
EUVD-2024-29752
Malicious code in bioql PyPI...
EUVD-2024-29751
Malicious code in bioql PyPI...
EUVD-2024-29753
Malicious code in bioql PyPI...
CVE-2024-31894
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175...
CVE-2024-31895
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176...
CVE-2024-31893
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174...
CVE-2021-35473
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4...
CVE-2021-35473
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to an authenticated user accessing sensitive information [CVE-2024-31893 CVE-2024-31894 CVE-2024-31895]
Summary IBM App Connect Enterprise Certified Container Designer flows that use the calendly, square or docusign connector are vulnerable to loss of confidentiality when an access token expires and is refreshed. This bulletin provides patch information to address the reported vulnerability in the...
Unspecified Vulnerability in IBM App Connect Enterprise (CNVD-2024-24718)
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...
Unspecified Vulnerability in IBM App Connect Enterprise (CNVD-2024-24720)
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...
CVE-2024-31894
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175...
CVE-2024-31895
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176...
CVE-2024-31894 IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175...
CVE-2024-31894
CVE-2024-31894 affects IBM App Connect Enterprise 12.0.1.0–12.0.12.1 and allows an authenticated user to obtain sensitive user information via an expired access token (information disclosure). The issue is discussed across multiple sources (IBM X-Force ID 288175; Red Hat security page; IBM bullet...
CVE-2024-31894 IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175...
CVE-2024-31895 IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176...
CVE-2024-31895
CVE-2024-31895 affects IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 . The vulnerability allows an authenticated user to obtain sensitive user information by exploiting an expired access token, representing a confidentiality impact (CVSS base score ~4.3–6.5 depending on source). ...
CVE-2024-31895 IBM App Connect Enterprise information disclosure
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176...