CVE-2024-31894 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ibm	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Vendor	Product	Version
ibm	app_connect_enterprise	12.0.1.0 ≤ 𝑥 < 12.0.12.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-324 - Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
CWE-672 - Operation on a Resource after Expiration or Release
The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/288175

https://www.ibm.com/support/pages/node/7154606

https://exchange.xforce.ibmcloud.com/vulnerabilities/288175

https://www.ibm.com/support/pages/node/7154606