CVE-2024-31893

CWE-324 CWE-6723 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 71.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Enterprise

Timeline

PublishedMay 22

Description

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/app_connect_enterprise12.0.1.0 — 12.0.12.2

▶CVEListV5ibm/app_connect_enterprise12.0.1.0 — 12.0.12.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM App Connect Enterprise information disclosure↗2024-05-22

▶

GHSA

GHSA-263c-689v-jcfh: IBM App Connect Enterprise 12↗2024-05-22

▶