cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43916,https://securityvulnerability.io/vulnerability/CVE-2022-43916,Network Egress Vulnerability in IBM App Connect Enterprise Certified Container,A network egress vulnerability exists in IBM App Connect Enterprise Certified Container that allows Pods utilized for internal infrastructure to access egress traffic without proper restrictions. This could potentially expose sensitive data and allow unauthorized external communication from the internal network environment. Organizations are advised to implement security measures to limit network access and mitigate potential risks associated with this vulnerability.,IBM,App Connect Enterprise Certified Container,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T12:04:47.259Z,0
CVE-2024-45653,https://securityvulnerability.io/vulnerability/CVE-2024-45653,Sensitive IP Address Disclosure in IBM Sterling Connect:Direct Web Services,"IBM Sterling Connect:Direct Web Services versions 6.0, 6.1, 6.2, and 6.3 are vulnerable to an information disclosure issue that allows authenticated users to access sensitive IP address data. This disclosure could be exploited by attackers to facilitate further malicious actions against the system, highlighting the importance of securing internal response data to prevent unauthorized information access.",IBM,Sterling Connect:direct Web Services,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-19T02:39:30.681Z,0
CVE-2024-49338,https://securityvulnerability.io/vulnerability/CVE-2024-49338,Privilege Escalation in IBM App Connect Enterprise Affecting Certain Versions,A vulnerability in IBM App Connect Enterprise versions 12.0.1.0 to 12.0.7.0 and 13.0.1.0 allows a privileged user to potentially gain unauthorized access to JMS credentials under specific configurations. This exposure could lead to further exploitation within secure environments. Organizations using the affected versions are advised to review their configurations and implement necessary security measures.,IBM,App Connect Enterprise,4.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-18T15:00:16.148Z,0
CVE-2022-22491,https://securityvulnerability.io/vulnerability/CVE-2022-22491,File System Write Vulnerability in IBM App Connect Enterprise Certified Container,"IBM App Connect Enterprise Certified Container versions running on Red Hat OpenShift are vulnerable to a file system write issue. This weakness allows unrestricted write access to the local filesystem. As a consequence, it can lead to exhaustion of available storage within a Pod. When the storage limit is reached, the affected Pod may be restarted, which can disrupt services relying on it. Organizations should evaluate their deployment configurations and consider implementing restrictions to mitigate this vulnerability.",IBM,App Connect Enterprise Certified Container,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-09T14:11:28.233Z,0
CVE-2024-39747,https://securityvulnerability.io/vulnerability/CVE-2024-39747,Default Credential Vulnerability in IBM Sterling Connect:Direct Web Services,"IBM Sterling Connect:Direct Web Services versions 6.0, 6.1, 6.2, and 6.3 are susceptible to a significant security risk due to the use of default credentials for critical functionalities. This vulnerability potentially allows unauthorized individuals to exploit these services, leading to unauthorized access and manipulation of sensitive data. Organizations utilizing these versions are strongly advised to review their security configurations and implement proper credential management practices to mitigate the associated risks.",IBM,Sterling Connect:direct Web Services,9.8,CRITICAL,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-08-31T02:15:00.000Z,0
CVE-2022-43915,https://securityvulnerability.io/vulnerability/CVE-2022-43915,Running Pods Allow Elevated User Privileges,"IBM App Connect Enterprise Certified Container versions are vulnerable to privilege escalation due to inadequate limitations on calls to unshare in running Pods. This allows users with privileged access to execute unauthorized commands, potentially elevating their privileges within the containerized environment. Attackers could exploit this weakness to gain additional access and control over system resources, presenting risks to data integrity and system security. Organizations utilizing affected versions should implement necessary security measures to mitigate potential threats and ensure the integrity of their deployment.",IBM,App Connect Enterprise Certified Container,8.1,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-24T11:22:02.059Z,0
CVE-2024-39745,https://securityvulnerability.io/vulnerability/CVE-2024-39745,Weaker Cryptographic Algorithms in IBM Sterling Connect:Direct Web Services Could Lead to Data Decryption,"IBM Sterling Connect:Direct Web Services versions 6.0 through 6.3 are impacted by a vulnerability that arises from the use of weaker than expected cryptographic algorithms. This flaw may enable attackers to decrypt sensitive and confidential information, compromising data security and integrity. Organizations using this product should evaluate their systems to mitigate potential risks associated with this vulnerability.",IBM,Sterling Connect:direct Web Services,7.5,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-08-22T11:06:49.088Z,0
CVE-2024-39744,https://securityvulnerability.io/vulnerability/CVE-2024-39744,IBM Sterling Connect:Direct Web Services Vulnerable to Cross-Site Request Forgery,"IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.",IBM,Sterling Connect:direct Web Services,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-08-22T10:56:39.894Z,0
CVE-2024-39746,https://securityvulnerability.io/vulnerability/CVE-2024-39746,IBM Sterling Connect:Direct Web Services Vulnerability Could Lead to Sensitive Information Theft,"IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",IBM,Sterling Connect:direct Web Services,5.9,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-08-22T10:29:54.169Z,0
CVE-2024-31894,https://securityvulnerability.io/vulnerability/CVE-2024-31894,IBM App Connect Enterprise information disclosure,IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.,IBM,App Connect Enterprise,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-22T20:15:00.000Z,0
CVE-2024-31895,https://securityvulnerability.io/vulnerability/CVE-2024-31895,IBM App Connect Enterprise Vulnerability: Authenticated User Access to Sensitive User Information via Expired Access Token,IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.,IBM,App Connect Enterprise,6.5,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-05-22T20:15:00.000Z,0
CVE-2024-31904,https://securityvulnerability.io/vulnerability/CVE-2024-31904,Denial of Service Vulnerability in IBM App Connect Enterprise,"A vulnerability in IBM App Connect Enterprise allows an authenticated user to trigger a denial of service condition through an uncaught exception. This issue affects integration nodes in versions 11.0.0.1 to 11.0.0.25 and 12.0.1.0 to 12.0.12.0, potentially disrupting service availability. For further details, refer to IBM's support page and the IBM X-Force Exchange.",IBM,App Connect Enterprise,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-22T19:15:00.000Z,0
CVE-2024-31893,https://securityvulnerability.io/vulnerability/CVE-2024-31893,Sensitive Information Disclosure in IBM App Connect Enterprise,"IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1 are susceptible to a security flaw that allows authenticated users to retrieve sensitive calendar information even when utilizing expired access tokens. This vulnerability could be exploited to unjustly access confidential data, thereby posing a significant risk to user privacy and data integrity.",IBM,App Connect Enterprise,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-22T19:15:00.000Z,0
CVE-2024-28761,https://securityvulnerability.io/vulnerability/CVE-2024-28761,IBM App Connect Enterprise Vulnerable to HTML Injection,"IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.",IBM,App Connect Enterprise,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-14T15:14:00.000Z,0
CVE-2024-28760,https://securityvulnerability.io/vulnerability/CVE-2024-28760,IBM App Connect Enterprise Vulnerable to Denial of Service Due to Improper Resource Allocation,IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.,IBM,App Connect Enterprise,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-14T15:14:00.000Z,0
CVE-2024-22356,https://securityvulnerability.io/vulnerability/CVE-2024-22356,IBM App Connect Enterprise Vulnerability: Sensitive Information in Log Files,"IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.",IBM,"App Connect Enterprise,Integration Bus",4.9,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-03-26T14:12:18.122Z,0
CVE-2023-32331,https://securityvulnerability.io/vulnerability/CVE-2023-32331,Buffer Overflow Vulnerability in Connect:Express for UNIX Could Lead to Denial of Service,"IBM Connect:Express for UNIX version 1.5.0 is exposed to a buffer overflow vulnerability that can be exploited by remote attackers through the application's browser-based user interface. Successful exploitation may result in denial of service, impacting the availability of the service. Organizations utilizing this product should evaluate their security posture and consider implementing mitigations to safeguard against potential exploits.",IBM,Sterling Connect:express For Unix,7.5,HIGH,0.0005499999970197678,false,,true,false,false,,,false,false,,2024-03-04T18:38:46.392Z,0
CVE-2024-22317,https://securityvulnerability.io/vulnerability/CVE-2024-22317,IBM App Connect Enterprise denial of service,"IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 have a vulnerability that exposes the product to remote attacks due to improper handling of excessive authentication attempts. This vulnerability can potentially lead to the unauthorized disclosure of sensitive information or denial of service, posing significant security risks for organizations utilizing these versions. Organizations are advised to apply relevant security updates to mitigate these vulnerabilities and enhance the protection of their systems.",IBM,App Connect Enterprise,9.1,CRITICAL,0.001509999972768128,false,,false,false,false,,,false,false,,2024-01-18T13:16:34.298Z,0
CVE-2023-47722,https://securityvulnerability.io/vulnerability/CVE-2023-47722,IBM API Connect information disclosure,IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.,IBM,API Connect,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-12-09T03:15:00.000Z,0
CVE-2023-45176,https://securityvulnerability.io/vulnerability/CVE-2023-45176,IBM App Connect Enterprise and IBM Integration Bus denial of service,"IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.",IBM,"App Connect Enterprise,Integration Bus",6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-14T16:15:00.000Z,0
CVE-2023-40682,https://securityvulnerability.io/vulnerability/CVE-2023-40682,IBM App Connect Enterprise information disclosure,IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.,IBM,App Connect Enterprise,4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-13T16:15:00.000Z,0
CVE-2023-29259,https://securityvulnerability.io/vulnerability/CVE-2023-29259,IBM Sterling Connect:Express for UNIX information disclosure,IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.,IBM,Sterling Connect:express For Unix,3.7,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2023-26023,https://securityvulnerability.io/vulnerability/CVE-2023-26023,IBM Planning Analytics Cartridge for Cloud Pak for Data information disclosure,Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.,IBM,Sterling Connect:express For Unix,6.5,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2023-29260,https://securityvulnerability.io/vulnerability/CVE-2023-29260,IBM Sterling Connect:Express for UNIX server-side request forgery,"IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.",IBM,Sterling Connect:express For Unix,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2023-07-19T02:15:00.000Z,0
CVE-2021-38933,https://securityvulnerability.io/vulnerability/CVE-2021-38933,IBM Sterling Connect:Express for UNIX information disclosure,IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.,IBM,Sterling Connect:express For Unix,5.9,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2023-07-19T01:22:12.736Z,0