17 matches found
CVE-2023-45176
CVE-2023-45176 affects IBM App Connect Enterprise 11.0.0.1–11.0.0.23, 12.0.1.0–12.0.10.0, and IBM Integration Bus 10.1–10.1.0.1. The issue is a denial of service for Windows integration nodes caused by insufficient input validation. Impact is availability (as stated in sources). Remediation: inte...
CVE-2024-28761
IBM App Connect Enterprise (versions 11.0.0.1–11.0.0.25 and 12.0.1.0–12.0.12.0) is vulnerable to an HTML injection in the Admin API/Dashboard component. The issue arises from inadequate protection of the web page structure, enabling a remote attacker to inject HTML that executes in the victim’s b...
CVE-2024-22356
CVE-2024-22356 affects IBM App Connect Enterprise 11.0.0.1–11.0.0.23, 12.0.1.0–12.0.9.0, and IBM Integration Bus for z/OS 10.1–10.1.0.2. The issue is information disclosure: potentially sensitive data stored in log or trace files could be read by a privileged user. The IBM bulletin lists CVSS Bas...
CVE-2022-42439
Summary: IBM App Connect Enterprise (ACE) versions 11.0.0.17–11.0.0.19 and 12.0.4.0–12.0.5.0 contain an unspecified vulnerability in the Discovery Connector nodes that may disclose a third-party system’s credentials to a privileged attacker. Affected products/versions (as documented): ACE 11.0.0....
CVE-2024-31893
CVE-2024-31893 affects IBM App Connect Enterprise 12.0.1.0–12.0.12.1. An authenticated user could obtain sensitive calendar information via an expired access token, originating from components used in Calendly/Square/Docusign connectors (calendar access via the Expired Token handling). IBM X-Forc...
CVE-2024-31895
CVE-2024-31895 affects IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 . The vulnerability allows an authenticated user to obtain sensitive user information by exploiting an expired access token, representing a confidentiality impact (CVSS base score ~4.3–6.5 depending on source). ...
CVE-2023-40682
CVE-2023-40682 affects IBM App Connect Enterprise versions 12.0.1.0 through 12.0.8.0 and describes an unspecified vulnerability enabling a local privileged user to obtain sensitive information from API logs. Multiple connected sources corroborate the affected product and the information-disclosur...
CVE-2024-28760
CVE-2024-28760 affects IBM App Connect Enterprise dashboard. Affected versions: 11.0.0.1–11.0.0.25 and 12.0.1.0–12.0.12.0. Root cause: improper restrictions of resource allocation in the Dashboard component, leading to a denial of service. Practical impact: DoS, with CVSS base score 4.3 (Network ...
CVE-2024-31904
IBM App Connect Enterprise integration nodes (AdminAPI) are affected by CVE-2024-31904. An authenticated user could cause a denial of service due to an uncaught exception. Affected versions include 11.0.0.1–11.0.0.25 and 12.0.1.0–12.0.12.0. IBM’s bulletin describes remediation: upgrade to App Con...
CVE-2024-31894
CVE-2024-31894 affects IBM App Connect Enterprise 12.0.1.0–12.0.12.1 and allows an authenticated user to obtain sensitive user information via an expired access token (information disclosure). The issue is discussed across multiple sources (IBM X-Force ID 288175; Red Hat security page; IBM bullet...
CVE-2024-49338
CVE-2024-49338 affects IBM App Connect Enterprise: versions 12.0.1.0–12.0.7.0 and 13.0.1.0 under certain configurations. The issue could allow a privileged user to obtain JMS credentials due to improper management of sensitive trace data (CWE-1323). This is a configuration‑dependent information d...
CVE-2024-22317
IBM App Connect Enterprise (versions 11.0.0.1–11.0.0.24 and 12.0.1.0–12.0.11.0) is vulnerable to information disclosure or denial of service via remote authentication brute-forcing due to improper restriction of excessive authentication attempts. The issue affects the remote administration API an...
CVE-2025-0799
Summary: CVE-2025-0799 affects IBM App Connect Enterprise and related Certified Container components. An authenticated user could exploit a path traversal flaw during bar configuration deployment to write arbitrary files, due to improper pathname restrictions on restricted directories. Affected v...
CVE-2022-42444
CVE-2022-42444 affects IBM App Connect Enterprise 11.0.0.8–11.0.0.19 and 12.0.1.0–12.0.5.0, where a buffer overflow could allow a remote privileged user to crash the application. The root cause is a vulnerability in IBM App Connect Enterprise’s handling that leads to uncontrolled memory operation...
CVE-2026-5515
CVE-2026-5515 affects IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0. The vulnerability arises because the product stores potentially sensitive information in log files that could be read by a local user, enabling confidential disclosure. Affected versions and remediation are documented by ...
CVE-2026-3602
IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit are vulnerable to SQL injection (CWE-73). Affected: IBM App Connect Enterprise versions 13.0.1.0–13.0.7.2 and 12.0.1.0–12.0.12.26; IBM Integration Bus for z/OS 10.1.0.0–10.1.0.7. Root cause: external control of file name or path ...
CVE-2025-36361
IBM App Connect Enterprise is affected by CVE-2025-36361: versions 13.0.1.0–13.0.4.2 and 12.0.1.0–12.0.12.17 allow an authenticated user to perform unauthorized actions on customer-defined resources due to missing authorization. Impact is described as lack of authorization affecting confidentiali...