CVE-2024-31895

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1

Description The issue is related to the User Information Handler component of IBM App Connect Enterprise, which has authentication procedure weaknesses. This can allow a remote attacker to obtain sensitive user information, including calendar data, using an expired access token.

Recommendations For IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.1, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to sensitive user information and disabling the use of expired access tokens until a patch is available.