Lucene search
K
IbmApp Connect Enterprise

17 matches found

CVE
CVE
added 2023/10/14 3:35 p.m.95 views

CVE-2023-45176

CVE-2023-45176 affects IBM App Connect Enterprise 11.0.0.1–11.0.0.23, 12.0.1.0–12.0.10.0, and IBM Integration Bus 10.1–10.1.0.1. The issue is a denial of service for Windows integration nodes caused by insufficient input validation. Impact is availability (as stated in sources). Remediation: inte...

6.2CVSS5.5AI score0.00177EPSS
CVE
CVE
added 2024/05/11 12:57 p.m.89 views

CVE-2024-28761

IBM App Connect Enterprise (versions 11.0.0.1–11.0.0.25 and 12.0.1.0–12.0.12.0) is vulnerable to an HTML injection in the Admin API/Dashboard component. The issue arises from inadequate protection of the web page structure, enabling a remote attacker to inject HTML that executes in the victim’s b...

5.4CVSS6.6AI score0.0033EPSS
CVE
CVE
added 2024/03/26 2:12 p.m.87 views

CVE-2024-22356

CVE-2024-22356 affects IBM App Connect Enterprise 11.0.0.1–11.0.0.23, 12.0.1.0–12.0.9.0, and IBM Integration Bus for z/OS 10.1–10.1.0.2. The issue is information disclosure: potentially sensitive data stored in log or trace files could be read by a privileged user. The IBM bulletin lists CVSS Bas...

4.9CVSS4.7AI score0.00538EPSS
CVE
CVE
added 2023/02/06 8:25 p.m.83 views

CVE-2022-42439

Summary: IBM App Connect Enterprise (ACE) versions 11.0.0.17–11.0.0.19 and 12.0.4.0–12.0.5.0 contain an unspecified vulnerability in the Discovery Connector nodes that may disclose a third-party system’s credentials to a privileged attacker. Affected products/versions (as documented): ACE 11.0.0....

6.8CVSS5.2AI score0.00671EPSS
CVE
CVE
added 2024/05/22 7:4 p.m.74 views

CVE-2024-31893

CVE-2024-31893 affects IBM App Connect Enterprise 12.0.1.0–12.0.12.1. An authenticated user could obtain sensitive calendar information via an expired access token, originating from components used in Calendly/Square/Docusign connectors (calendar access via the Expired Token handling). IBM X-Forc...

4.3CVSS4.2AI score0.00261EPSS
CVE
CVE
added 2024/05/22 7:16 p.m.74 views

CVE-2024-31895

CVE-2024-31895 affects IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 . The vulnerability allows an authenticated user to obtain sensitive user information by exploiting an expired access token, representing a confidentiality impact (CVSS base score ~4.3–6.5 depending on source). ...

6.5CVSS4.2AI score0.00275EPSS
CVE
CVE
added 2023/10/13 3:41 p.m.70 views

CVE-2023-40682

CVE-2023-40682 affects IBM App Connect Enterprise versions 12.0.1.0 through 12.0.8.0 and describes an unspecified vulnerability enabling a local privileged user to obtain sensitive information from API logs. Multiple connected sources corroborate the affected product and the information-disclosur...

4.4CVSS4.2AI score0.00179EPSS
CVE
CVE
added 2024/05/11 1:0 p.m.68 views

CVE-2024-28760

CVE-2024-28760 affects IBM App Connect Enterprise dashboard. Affected versions: 11.0.0.1–11.0.0.25 and 12.0.1.0–12.0.12.0. Root cause: improper restrictions of resource allocation in the Dashboard component, leading to a denial of service. Practical impact: DoS, with CVSS base score 4.3 (Network ...

4.3CVSS6.3AI score0.00457EPSS
CVE
CVE
added 2024/05/22 6:34 p.m.66 views

CVE-2024-31904

IBM App Connect Enterprise integration nodes (AdminAPI) are affected by CVE-2024-31904. An authenticated user could cause a denial of service due to an uncaught exception. Affected versions include 11.0.0.1–11.0.0.25 and 12.0.1.0–12.0.12.0. IBM’s bulletin describes remediation: upgrade to App Con...

6.5CVSS6.3AI score0.00516EPSS
CVE
CVE
added 2024/05/22 7:17 p.m.64 views

CVE-2024-31894

CVE-2024-31894 affects IBM App Connect Enterprise 12.0.1.0–12.0.12.1 and allows an authenticated user to obtain sensitive user information via an expired access token (information disclosure). The issue is discussed across multiple sources (IBM X-Force ID 288175; Red Hat security page; IBM bullet...

4.3CVSS4.2AI score0.00261EPSS
CVE
CVE
added 2025/01/18 3:0 p.m.61 views

CVE-2024-49338

CVE-2024-49338 affects IBM App Connect Enterprise: versions 12.0.1.0–12.0.7.0 and 13.0.1.0 under certain configurations. The issue could allow a privileged user to obtain JMS credentials due to improper management of sensitive trace data (CWE-1323). This is a configuration‑dependent information d...

4.9CVSS4.5AI score0.00367EPSS
CVE
CVE
added 2024/01/18 1:16 p.m.60 views

CVE-2024-22317

IBM App Connect Enterprise (versions 11.0.0.1–11.0.0.24 and 12.0.1.0–12.0.11.0) is vulnerable to information disclosure or denial of service via remote authentication brute-forcing due to improper restriction of excessive authentication attempts. The issue affects the remote administration API an...

9.1CVSS8.7AI score0.01025EPSS
CVE
CVE
added 2025/02/06 12:24 a.m.56 views

CVE-2025-0799

Summary: CVE-2025-0799 affects IBM App Connect Enterprise and related Certified Container components. An authenticated user could exploit a path traversal flaw during bar configuration deployment to write arbitrary files, due to improper pathname restrictions on restricted directories. Affected v...

6.5CVSS6.5AI score0.00479EPSS
CVE
CVE
added 2023/02/06 8:38 p.m.52 views

CVE-2022-42444

CVE-2022-42444 affects IBM App Connect Enterprise 11.0.0.8–11.0.0.19 and 12.0.1.0–12.0.5.0, where a buffer overflow could allow a remote privileged user to crash the application. The root cause is a vulnerability in IBM App Connect Enterprise’s handling that leads to uncontrolled memory operation...

6.5CVSS5.8AI score0.01129EPSS
CVE
CVE
added 2026/05/27 12:58 p.m.42 views

CVE-2026-5515

CVE-2026-5515 affects IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0. The vulnerability arises because the product stores potentially sensitive information in log files that could be read by a local user, enabling confidential disclosure. Affected versions and remediation are documented by ...

5.5CVSS5.8AI score0.001EPSS
CVE
CVE
added 2026/06/30 7:19 p.m.19 views

CVE-2026-3602

IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit are vulnerable to SQL injection (CWE-73). Affected: IBM App Connect Enterprise versions 13.0.1.0–13.0.7.2 and 12.0.1.0–12.0.12.26; IBM Integration Bus for z/OS 10.1.0.0–10.1.0.7. Root cause: external control of file name or path ...

5.5CVSS5.9AI score0.00183EPSS
CVE
CVE
added 2025/10/24 9:35 a.m.15 views

CVE-2025-36361

IBM App Connect Enterprise is affected by CVE-2025-36361: versions 13.0.1.0–13.0.4.2 and 12.0.1.0–12.0.12.17 allow an authenticated user to perform unauthorized actions on customer-defined resources due to missing authorization. Impact is described as lack of authorization affecting confidentiali...

8.8CVSS6.1AI score0.002EPSS