CVE-2023-45176 — Improper Input Validation in IBM APP Connect Enterprise

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

0.0%

top 94.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Enterprise IBM Integration BUS

Timeline

PublishedOct 14

Description

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/integration_bus10.1 — 10.1.0.1

▶CVEListV5ibm/app_connect_enterprise11.0.0.1 — 11.0.0.23+1

▶NVDibm/app_connect_enterprise11.0.0.1 — 11.0.0.23+1

▶NVDibm/integration_bus10.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM App Connect Enterprise and IBM Integration Bus denial of service↗2023-10-14

▶

GHSA

GHSA-qgm6-p3q3-r5mp: IBM App Connect Enterprise 11↗2023-10-14

▶