CVE-2024-31895

CWE-324 CWE-6723 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 67.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Enterprise

Timeline

PublishedMay 22

Description

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/app_connect_enterprise12.0.1.0 — 12.0.12.2

▶CVEListV5ibm/app_connect_enterprise12.0.1.0 — 12.0.12.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-www9-grm3-8mc4: IBM App Connect Enterprise 12↗2024-05-22

▶

CVEList

IBM App Connect Enterprise information disclosure↗2024-05-22

▶