CVE-2024-52362

IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
ibmapp_connect_enterprise_certified_containers_operands
12.0.7.0:r4
ibmapp_connect_enterprise_certified_containers_operands
12.0.12.5:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.1.0:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.2.1:r1
ibmapp_connect_operator
7.2 ≤
𝑥
≤ 11.6.0
ibmapp_connect_operator
12.0.0 ≤
𝑥
< 12.9.0
ibmapp_connect_operator
12.1.0 ≤
𝑥
≤ 12.8.2
ibmapp_connect_operator
12.0.12:r1
ibmapp_connect_operator
12.0.12:r8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7185527