Vulnerabilities > IBM > APP Connect Enterprise > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-05-22 | CVE-2024-31894 | Operation on a Resource after Expiration or Release vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. | 4.3 |
2024-05-22 | CVE-2024-31895 | Operation on a Resource after Expiration or Release vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. | 6.5 |
2024-05-22 | CVE-2024-31893 | Operation on a Resource after Expiration or Release vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. | 4.3 |
2024-05-22 | CVE-2024-31904 | Unspecified vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. | 6.5 |
2024-05-14 | CVE-2024-28760 | Allocation of Resources Without Limits or Throttling vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. | 4.3 |
2024-05-14 | CVE-2024-28761 | Cross-site Scripting vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. | 5.4 |
2024-03-26 | CVE-2024-22356 | Improper Encoding or Escaping of Output vulnerability in IBM APP Connect Enterprise and Integration BUS | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. | 4.9 |
2023-10-14 | CVE-2023-45176 | Unspecified vulnerability in IBM APP Connect Enterprise and Integration BUS | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. | 5.5 |
2023-10-13 | CVE-2023-40682 | Information Exposure Through Log Files vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. | 4.4 |
2023-02-12 | CVE-2022-42444 | Classic Buffer Overflow vulnerability in IBM APP Connect Enterprise | IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. | 6.5 |