Vulnerabilities > IBM > APP Connect Enterprise Certified Container > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-15 | CVE-2022-43874 | Cross-site Scripting vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. | 6.1 |
| 2023-02-06 | CVE-2022-42439 | Information Exposure Through Log Files vulnerability in IBM products IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. | 4.9 |
| 2023-02-01 | CVE-2022-43922 | Inadequate Encryption Strength vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. | 6.5 |
| 2022-07-05 | CVE-2022-31770 | Unspecified vulnerability in IBM APP Connect Enterprise Certified Container 4.2 IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. | 4.9 |
| 2022-04-01 | CVE-2022-22404 | Allocation of Resources Without Limits or Throttling vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting. | 6.5 |
| 2021-10-08 | CVE-2021-29906 | Unspecified vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. | 5.5 |
| 2020-11-03 | CVE-2020-4785 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM APP Connect Enterprise Certified Container IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |