24 matches found
CVE-2023-45176
CVE-2023-45176 affects IBM App Connect Enterprise 11.0.0.1–11.0.0.23, 12.0.1.0–12.0.10.0, and IBM Integration Bus 10.1–10.1.0.1. The issue is a denial of service for Windows integration nodes caused by insufficient input validation. Impact is availability (as stated in sources). Remediation: inte...
CVE-2024-22356
CVE-2024-22356 affects IBM App Connect Enterprise 11.0.0.1–11.0.0.23, 12.0.1.0–12.0.9.0, and IBM Integration Bus for z/OS 10.1–10.1.0.2. The issue is information disclosure: potentially sensitive data stored in log or trace files could be read by a privileged user. The IBM bulletin lists CVSS Bas...
CVE-2024-22332
The CVE-2024-22332 entry concerns IBM Integration Bus for z/OS AdminAPI. Affected versions are 10.1 through 10.1.0.2, with a denial-of-service risk caused by file system exhaustion. IBM’s Security Bulletin confirms the vulnerability and lists APAR IT45216 as the remediation path, with an Interim ...
CVE-2024-27265
IBM Integration Bus for z/OS (versions 10.1–10.1.0.3) is affected by CVE-2024-27265, a cross-site request forgery in the Admin WebUI that could allow an attacker to perform malicious, unauthorized actions trusted by a user. Publications from multiple sources (IBM Security Bulletin, NVD, Red Hat, ...
CVE-2017-1207
CVE-2017-1207 affects IBM WebSphere Message Broker and IBM Integration Bus. The root cause is that user credentials are logged or stored in plaintext in the service trace, allowing a locally authorized user to read passwords. Affected versions include IBM Integration Bus 9.x, 10.x (up to 10.0.0.7...
CVE-2017-1144
CVE-2017-1144 affects IBM Integration Bus and WebSphere Message Broker. A denial-of-service condition could occur when a local user with specialized access triggers an unquoted search path, preventing the broker from starting. Affected products/versions include: IBM Integration Bus 10.0.0.0–10.0....
CVE-2016-9706
CVE-2016-9706 affects IBM Integration Bus (9.0/10.0) and WebSphere Message Broker SOAP FLOWS. An XML External Entity (XXE) processing flaw can lead to denial of service and potential exposure of sensitive data. Affected products/versions per IBM bulletin: IBM Integration Bus V10 (fix pack 10.0.0....
CVE-2017-1418
CVE-2017-1418 affects IBM Integration Bus and WebSphere Message Broker, with insecure file permissions on certain files that allow a local attacker to modify or delete them. Affected products/versions per the sources: IBM Integration Bus V10.0.0.0–10.0.0.11 and V9.0.0.0–9.0.0.10; WebSphere Messag...
CVE-2018-1801
CVE-2018-1801 affects IBM App Connect 11.0.0.0–11.0.0.1, IBM Integration Bus 10.0.0.0–10.0.0.13, IBM Integration Bus 9.0.0.0–9.0.0.10, and WebSphere Message Broker 8.0.0.0–8.0.0.9. It enables XML External Entity (XXE) processing vulnerabilities that could allow a remote attacker to exhaust memory...
CVE-2015-0118
CVE-2015-0118 affects IBM WebSphere WebSphere Message Broker Toolkit and IBM Integration Toolkit: Toolkit 7 (before 7007 IF2), Toolkit 8 (before 8005 IF1), and Integration Toolkit 9 (before 9003 IF1) include MQ client JARs that support only weak TLS ciphers, risking information disclosure via net...
CVE-2014-6170
CVE-2014-6170 affects IBM WebSphere Message Broker and IBM Integration Bus. The HTTPInput node can return a SOAP fault that reveals sensitive information, enabling remote attackers to access partial confidential data. Affected products/versions include IBM Integration Bus V9.0, WebSphere Message ...
CVE-2015-7399
CVE-2015-7399 affects IBM WebSphere Message Broker (v7 before 7.0.0.8) and WebSphere Message Broker v8 (before 8.0.0.6), as well as IBM Integration Bus (v9 before 9.0.0.3 and v10 before 10.0.0.0). The issue is an information-disclosure vulnerability where an attacker could remotely obtain sensiti...
CVE-2017-1126
CVE-2017-1126 affects IBM WebSphere Message Broker (now IBM Integration Bus) 9.0/10.0. An information-disclosure vulnerability could allow an unauthorized user to obtain sensitive information about software versions, potentially enabling further attacks. Affected products/versions include IBM Int...
CVE-2017-1694
IBM Integration Bus 9.0.x and 10.0.x are affected by CVE-2017-1694, where credentials are transmitted in clear text, enabling potential readout via MITM. Affected versions include IBM Integration Bus 9.0.0.0–9.0.0.9 and 10.0.0.0–10.0.0.9. The vulnerability can enable credential exposure during tr...
CVE-2015-5011
The vulnerability CVE-2015-5011 affects IBM WebSphere Message Broker 8 (pre-8.0.0.6) and IBM Integration Bus 9 (pre-9.0.0.4). The root cause is failure to perform authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, allowing a local attacker to bypass access controls and start or stop...
CVE-2016-0394
Summary: CVE-2016-0394 affects IBM Integration Bus and WebSphere Message Broker. The root cause is incorrect permissions set for an object on Unix platforms, which could allow a local attacker to manipulate certain files. Affected products/versions: IBM Integration Bus V9 and WebSphere Message Br...
CVE-2016-2961
The CVE-2016-2961 issue affects IBM Integration Bus and WebSphere Message Broker where an unauthenticated remote attacker can send a malformed HTTP POST to the integration server HTTP listener and read the Java stack trace to identify the running Tomcat version. Affected products and versions inc...
CVE-2016-9010
CVE-2016-9010 affects IBM WebSphere Message Broker and IBM Integration Bus (including V8, V9, V10 branches). The vulnerability is a clickjacking flaw caused by not setting the X-Frame-OPTIONS header in the Web UI, enabling a remote attacker to hijack a user’s click actions by luring them to a mal...
CVE-2015-2018
IBM Integration Bus (versions 9 and 10 prior to 10.0.0.1) and WebSphere Message Broker (versions 7 prior to 7.0.0.8 and 8 prior to 8.0.0.7) are affected by CVE-2015-2018 due to not ensuring the correct security profile is selected. This misconfiguration allows remote authenticated users to obtain...
CVE-2014-4819
This CVE (CVE-2014-4819) affects IBM WebSphere® Message Broker 8.0 prior to 8.0.0.6 and IBM Integration Bus 9.0 prior to 9.0.0.3. The root cause is that the web UI exposes information via error pages, enabling remote authenticated users to read sensitive data. IBM’s bulletin confirms the affected...
CVE-2017-1693
IBM Integration Bus versions 9.0.0.0–9.0.0.8 and 10.0.0.0–10.0.0.9 are affected by CVE-2017-1693, which allows session hijacking if an attacker has a valid session ID, during a short window before timeout. The IBM Security Bulletin confirms remediation via APAR IT21158, with fixes available in 9....
CVE-2016-8918
IBM Integration Bus (V10, and later) under non-default configurations could allow a remote attacker to authenticate without valid credentials, effectively bypassing authentication. The root cause is an authentication vulnerability in non-default configurations, reported as CVE-2016-8918. A fix is...
CVE-2025-36014
CVE-2025-36014 affects IBM Integration Bus for z/OS, versions 10.1.0.0–10.1.0.5. The issue is a code injection vulnerability that can be exploited by a privileged user with access to the IIB install directory. The IBM bulletin identifies CWE-94 (Code Injection) and provides a CVSS v3.1 vector of ...
CVE-2026-3602
IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit are vulnerable to SQL injection (CWE-73). Affected: IBM App Connect Enterprise versions 13.0.1.0–13.0.7.2 and 12.0.1.0–12.0.12.26; IBM Integration Bus for z/OS 10.1.0.0–10.1.0.7. Root cause: external control of file name or path ...