IBM App Connect Enterprise Vulnerable to HTML Injection

CVE-2024-28761

5.4MEDIUM

Key Information

Vendor: IBM
Status: App Connect Enterprise
Vendor: Published:; 14 May 2024

Summary

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.

Affected Version(s)

App Connect Enterprise <= 11.0.0.25

App Connect Enterprise <= 12.0.12.0

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

LOW

Integrity:

LOW

Availability:

NONE

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

CHANGED

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Mar 10, 2024

Collectors

NVD DatabaseMitre Database