VYPR

App Connect Enterprise

by IBM

CVEs (16)

  • CVE-2024-22317 | Cri | Jan 18, 2024
    risk 0.59 | cvss 9.1 | epss 0.01

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.

  • CVE-2022-42439 | Med | Feb 6, 2023
    risk 0.44 | cvss 6.8 | epss 0.01

    IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.

  • CVE-2025-0799 | Med | Feb 6, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.

  • CVE-2024-31904 | Med | May 22, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.

  • CVE-2023-45176 | Med | Oct 14, 2023
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.

  • CVE-2026-5515 | Med | May 27, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2024-28761 | Med | May 14, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting…

  • CVE-2024-22356 | Med | Mar 26, 2024
    risk 0.32 | cvss 4.9 | epss 0.01

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.

  • CVE-2022-42444 | Med | Feb 12, 2023
    risk 0.32 | cvss 4.9 | epss 0.01

    IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.

  • CVE-2024-49338 | Med | Jan 18, 2025
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.

  • CVE-2023-40682 | Med | Oct 13, 2023
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.

  • CVE-2024-31895 | Med | May 22, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.

  • CVE-2024-31894 | Med | May 22, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.

  • CVE-2024-31893 | Med | May 22, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.

  • CVE-2024-28760 | Med | May 14, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.

  • CVE-2025-36361 | Oct 24, 2025
    risk 0.00 | cvss | epss 0.00

    IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.