Primary

Context

IBM App Connect Enterprise Privileged User JMS Credentials Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in IBM App Connect Enterprise versions 12.0.1.0 through 12.0.7.0 and 13.0.1.0, which under certain configurations, could allow a privileged user to obtain Java Message Service (JMS) credentials. This issue is related to improper management of sensitive trace data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to JMS credentials, potentially allowing for further privileged actions or access within the application.

Remediation

Users are advised to upgrade to IBM App Connect Enterprise version 12.0.12.8 or 13.0.1.1, depending on their current version. The APAR IT46982 is available for both versions.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM App Connect Enterprise Privileged User JMS Credentials Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM App Connect Enterprise

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating