Ibm

App Connect Enterprise

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-36361

  • EPSS 0.05%
  • Veröffentlicht 24.10.2025 09:35:20
  • Zuletzt bearbeitet 28.10.2025 14:27:33

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

6.5

CVE-2025-0799

  • EPSS 0.08%
  • Veröffentlicht 06.02.2025 01:15:09
  • Zuletzt bearbeitet 12.08.2025 18:46:13

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted ...

4.9

CVE-2024-49338

  • EPSS 0.06%
  • Veröffentlicht 18.01.2025 15:15:07
  • Zuletzt bearbeitet 13.08.2025 00:24:57

IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.

4.3

CVE-2024-31894

  • EPSS 0.09%
  • Veröffentlicht 22.05.2024 20:15:09
  • Zuletzt bearbeitet 08.01.2025 19:58:17

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.

6.5

CVE-2024-31895

  • EPSS 0.13%
  • Veröffentlicht 22.05.2024 20:15:09
  • Zuletzt bearbeitet 08.01.2025 20:03:38

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.

6.5

CVE-2024-31904

  • EPSS 0.14%
  • Veröffentlicht 22.05.2024 19:15:09
  • Zuletzt bearbeitet 07.01.2025 21:05:40

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.

4.3

CVE-2024-31893

  • EPSS 0.11%
  • Veröffentlicht 22.05.2024 19:15:08
  • Zuletzt bearbeitet 07.01.2025 21:03:12

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.

5.4

CVE-2024-28761

  • EPSS 0.17%
  • Veröffentlicht 14.05.2024 15:14:41
  • Zuletzt bearbeitet 13.03.2025 18:15:38

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the secu...

4.3

CVE-2024-28760

  • EPSS 0.14%
  • Veröffentlicht 14.05.2024 15:14:40
  • Zuletzt bearbeitet 07.01.2025 21:02:43

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.

4.9

CVE-2024-22356

  • EPSS 0.06%
  • Veröffentlicht 26.03.2024 15:15:48
  • Zuletzt bearbeitet 28.01.2025 18:43:25

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force...