All the vulnerabilites related to IBM - App Connect Enterprise
cve-2024-28761
Vulnerability from cvelistv5
Published
2024-05-11 12:57
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise HTML injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7150847 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/285245 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T21:15:49.473437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:15:56.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7150847"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.0.25",
"status": "affected",
"version": "11.0.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.12.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 285245."
}
],
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-Force ID: 285245."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-11T12:57:59.134Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7150847"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285245"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise HTML injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-28761",
"datePublished": "2024-05-11T12:57:59.134Z",
"dateReserved": "2024-03-10T12:22:43.137Z",
"dateUpdated": "2024-08-02T00:56:58.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31893
Vulnerability from cvelistv5
Published
2024-05-22 19:04
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise information disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7154606 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/288174 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T16:18:07.085045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:36:39.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:49.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7154606"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.0.12.1",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174."
}
],
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324 Use of a Key Past its Expiration Date",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T19:04:53.056Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7154606"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288174"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31893",
"datePublished": "2024-05-22T19:04:53.056Z",
"dateReserved": "2024-04-07T12:44:57.195Z",
"dateUpdated": "2024-08-02T01:59:49.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40682
Vulnerability from cvelistv5
Published
2023-10-13 15:41
Modified
2024-09-16 20:35
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise information disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7051204 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/263833 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7051204"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263833"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T20:35:13.215066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T20:35:22.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.0.8.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833."
}
],
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:41:07.361Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7051204"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263833"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-40682",
"datePublished": "2023-10-13T15:41:07.361Z",
"dateReserved": "2023-08-18T15:48:06.501Z",
"dateUpdated": "2024-09-16T20:35:22.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-22356
Vulnerability from cvelistv5
Published
2024-03-26 14:12
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7145144 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/280893 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise | |
| IBM | Integration Bus |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7145144"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:34:25.516722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:40.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.0.23",
"status": "affected",
"version": "11.0.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.9.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.1.0.2",
"status": "affected",
"version": "10.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893."
}
],
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T14:12:18.122Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7145144"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22356",
"datePublished": "2024-03-26T14:12:18.122Z",
"dateReserved": "2024-01-08T23:42:36.757Z",
"dateUpdated": "2024-08-05T16:34:40.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31895
Vulnerability from cvelistv5
Published
2024-05-22 19:16
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise information disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7154606 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/288176 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T20:08:44.469157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T20:08:52.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7154606"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.0.12.1",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176."
}
],
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324 Use of a Key Past its Expiration Date",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T19:16:30.321Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7154606"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288176"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31895",
"datePublished": "2024-05-22T19:16:30.321Z",
"dateReserved": "2024-04-07T12:44:57.196Z",
"dateUpdated": "2024-08-02T01:59:50.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45176
Vulnerability from cvelistv5
Published
2023-10-14 15:35
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise and IBM Integration Bus denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7051448 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/267998 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise | |
| IBM | Integration Bus |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7051448"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267998"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T18:11:48.543494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:34:37.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.0.23",
"status": "affected",
"version": "11.0.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.10.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Integration Bus",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "10.1.0.1",
"status": "affected",
"version": "10.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998."
}
],
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-14T15:35:21.138Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7051448"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267998"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise and IBM Integration Bus denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-45176",
"datePublished": "2023-10-14T15:35:21.138Z",
"dateReserved": "2023-10-05T01:38:58.206Z",
"dateUpdated": "2024-09-16T18:34:37.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-28760
Vulnerability from cvelistv5
Published
2024-05-11 13:00
Modified
2024-08-02 00:56
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7150845 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/285244 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T15:27:52.815838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:38.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7150845"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.0.25",
"status": "affected",
"version": "11.0.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.12.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244."
}
],
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-11T13:00:12.261Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7150845"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285244"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-28760",
"datePublished": "2024-05-11T13:00:12.261Z",
"dateReserved": "2024-03-10T12:22:43.137Z",
"dateUpdated": "2024-08-02T00:56:58.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31894
Vulnerability from cvelistv5
Published
2024-05-22 19:17
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise information disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7154606 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/288175 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T20:07:10.305598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T20:07:17.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7154606"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "12.0.12.1",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175."
}
],
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324 Use of a Key Past its Expiration Date",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T19:17:51.702Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7154606"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288175"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31894",
"datePublished": "2024-05-22T19:17:51.702Z",
"dateReserved": "2024-04-07T12:44:57.195Z",
"dateUpdated": "2024-08-02T01:59:50.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42444
Vulnerability from cvelistv5
Published
2023-02-06 20:38
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6890609 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/238538 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:40.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6890609"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThan": "11.0.0.19",
"status": "affected",
"version": "11.0.0.8",
"versionType": "semver"
},
{
"lessThan": "12.0.5.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538."
}
],
"value": "IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "121 Stack-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-12T01:45:42.615671Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6890609"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238538"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-42444",
"datePublished": "2023-02-06T20:38:25.295Z",
"dateReserved": "2022-10-06T15:51:26.501Z",
"dateUpdated": "2024-08-03T13:10:40.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-22317
Vulnerability from cvelistv5
Published
2024-01-18 13:16
Modified
2024-08-01 22:43
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7108661 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/279143 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7108661"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.0.24",
"status": "affected",
"version": "11.0.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.11.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143."
}
],
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T13:16:34.298Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7108661"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279143"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22317",
"datePublished": "2024-01-18T13:16:34.298Z",
"dateReserved": "2024-01-08T23:41:52.508Z",
"dateUpdated": "2024-08-01T22:43:34.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31904
Vulnerability from cvelistv5
Published
2024-05-22 18:34
Modified
2024-08-02 01:59
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7154607 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/289647 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:48:27.874415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:36:06.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7154607"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.25:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.0.0.25",
"status": "affected",
"version": "11.0.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.12.0",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647."
}
],
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T18:34:39.881Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7154607"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-31904",
"datePublished": "2024-05-22T18:34:39.881Z",
"dateReserved": "2024-04-07T12:45:07.197Z",
"dateUpdated": "2024-08-02T01:59:50.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42439
Vulnerability from cvelistv5
Published
2023-02-06 20:25
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
IBM App Connect Enterprise information disclosure
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6952435 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/238211 | vdb-entry |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| IBM | App Connect Enterprise |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:40.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6952435"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThan": "11.0.0.19",
"status": "affected",
"version": "11.0.0.17",
"versionType": "semver"
},
{
"lessThan": "12.0.5.0",
"status": "affected",
"version": "12.0.4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system\u2019s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system\u2019s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T16:10:51.689Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6952435"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-42439",
"datePublished": "2023-02-06T20:25:26.204Z",
"dateReserved": "2022-10-06T15:51:26.500Z",
"dateUpdated": "2024-08-03T13:10:40.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}