Severity
Medium
Analysis Summary
CVE-2023-45176 CVSS: 6.2
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.
CVE-2023-40682 CVSS: 4.4
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs.
Impact
- Denial of Service
- Information Theft
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-45176
- CVE-2023-40682
Affected Vendors
IBM
Affected Products
- IBM App Connect Enterprise 11.0.0.1
- IBM App Connect Enterprise 12.0.1.0
- IBM Integration Bus 10.1
- IBM Integration Bus 10.1.0.1
- IBM App Connect Enterprise 11.0.0.23
- IBM App Connect Enterprise 12.0.10.0
- IBM App Connect Enterprise 12.0.8.0
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.