PT-2024-19358 · Ibm · Ibm App Connect Enterprise+1
Published
2024-03-26
·
Updated
2024-03-29
·
CVE-2024-22356
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.23
IBM App Connect Enterprise versions 12.0.1.0 through 12.0.9.0
IBM Integration Bus for z/OS versions 10.1 through 10.1.0.2
Description
The issue concerns the storage of potentially sensitive information in log or trace files by the affected software, which could be accessed by a privileged user.
Recommendations
For IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.23, update to a version that does not store sensitive information in log or trace files.
For IBM App Connect Enterprise versions 12.0.1.0 through 12.0.9.0, update to a version that does not store sensitive information in log or trace files.
For IBM Integration Bus for z/OS versions 10.1 through 10.1.0.2, update to a version that does not store sensitive information in log or trace files.
Fix
Improper Encoding or Escaping of Output
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ibm App Connect Enterprise
Ibm Integration Bus For Z/Os