CVE-2024-22356
EUVD-2024-1991726.03.2024, 15:15
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | integration_bus | 10.1 ≤ 𝑥 < 10.1.0.3 |
| ibm | app_connect_enterprise | 11.0.0.1 ≤ 𝑥 < 11.0.0.24 |
| ibm | app_connect_enterprise | 12.0.1.0 ≤ 𝑥 < 12.0.10.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| ibm | connect\ | 11.0.0.1 ≤ 𝑥 ≤ 11.0.0.23 | CNA |
| ibm | connect\ | 12.0.1.0 ≤ 𝑥 ≤ 12.0.9.0 | CNA |
| ibm | connect\ | 10.1 ≤ 𝑥 ≤ 10.1.0.2 | CNA |
Common Weakness Enumeration
- CWE-117 - Improper Output Neutralization for LogsThe software does not neutralize or incorrectly neutralizes output that is written to logs.
- CWE-116 - Improper Encoding or Escaping of OutputThe software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.