CVE-2024-28761

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.25 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.0

Description The issue exists due to inadequate protection of the web page structure in the Dashboard component of IBM App Connect Enterprise. This allows a remote attacker to inject arbitrary HTML code, which can be executed in the victim's web browser within the security context of the hosting site when viewed.

Recommendations For IBM App Connect Enterprise versions 11.0.0.1 through 11.0.0.25, update to a version outside of this range to mitigate the risk. For IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.0, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Dashboard component until a patch is available.