

Severity
Medium
Analysis Summary
CVE-2024-31904 CVSS:6.5
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception.
CVE-2024-31895 CVSS:4.3
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.
CVE-2024-31894 CVSS:4.3
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.
CVE-2024-31893 CVSS:4.3
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-31904
- CVE-2024-31895
- CVE-2024-31894
- CVE-2024-31893
Affected Vendors
- IBM
Affected Products
- IBM App Connect Enterprise 11.0.0.1
- IBM App Connect Enterprise 12.0.1.0
- IBM App Connect Enterprise 11.0.0.25
- IBM App Connect Enterprise 12.0.12.0
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.
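An added example, not taken from the advisory or from IBM: a Python check that maps an installed App Connect Enterprise version to the CVEs above, using the ranges given in the Analysis Summary. The host names and inventory are constructed; versions are compared numerically so that 12.0.12.0 sorts after 12.0.2.0, and 12.0.12.1, which is absent from the Affected Products list, still matches the three expired-token CVEs.

```python
"""Added example: map App Connect Enterprise versions to the CVEs in this advisory."""

# Affected ranges exactly as stated in the Analysis Summary (inclusive bounds).
AFFECTED = {
    "CVE-2024-31904": [("11.0.0.1", "11.0.0.25"), ("12.0.1.0", "12.0.12.0")],
    "CVE-2024-31895": [("12.0.1.0", "12.0.12.1")],
    "CVE-2024-31894": [("12.0.1.0", "12.0.12.1")],
    "CVE-2024-31893": [("12.0.1.0", "12.0.12.1")],
}


def parse_version(text):
    """Turn 'V.R.M.F' into a tuple of ints so 12.0.12.0 sorts after 12.0.2.0."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def cves_for(version):
    """Return the sorted list of advisory CVEs whose range contains version."""
    v = parse_version(version)
    return sorted(
        cve
        for cve, ranges in AFFECTED.items()
        if any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)
    )


def triage(inventory):
    """Map host -> CVE list; unparseable versions are flagged for manual review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = cves_for(version)
        except ValueError:
            report[host] = ["UNPARSEABLE_VERSION"]
    return report


if __name__ == "__main__":
    # Constructed inventory: host names and versions are illustrative only.
    sample = {
        "ace-node-a": "11.0.0.25",
        "ace-node-b": "12.0.12.1",
        "ace-node-c": "12.0.2.0",
        "ace-node-d": "12.0.12.2",
        "ace-node-e": "12.0.x",
    }
    for host, cves in triage(sample).items():
        print(host, cves or "not in an affected range")
```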