6.5
CVE-2024-52362
- EPSS 0.11%
- Veröffentlicht 12.03.2025 14:04:10
- Zuletzt bearbeitet 02.04.2025 12:37:19
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ App Connect Enterprise Certified Containers Operands Version12.0.7.0 Updater4 SwEditioncontinuous_delivery
Ibm ≫ App Connect Enterprise Certified Containers Operands Version12.0.12.5 Updater1 SwEditioncontinuous_delivery
Ibm ≫ App Connect Enterprise Certified Containers Operands Version13.0.1.0 Updater1 SwEditioncontinuous_delivery
Ibm ≫ App Connect Enterprise Certified Containers Operands Version13.0.2.1 Updater1 SwEditioncontinuous_delivery
Ibm ≫ App Connect Operator SwEditioncontinuous_delivery Version >= 7.2 <= 11.6.0
Ibm ≫ App Connect Operator SwEditionlts Version >= 12.0.0 < 12.9.0
Ibm ≫ App Connect Operator SwEditioncontinuous_delivery Version >= 12.1.0 <= 12.8.2
Ibm ≫ App Connect Operator Version12.0.12 Updater1 SwEditionlts
Ibm ≫ App Connect Operator Version12.0.12 Updater8 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.297 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| psirt@us.ibm.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-1286 Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.