Security Bulletin: IBM App Connect Enterprise is vulnerable to an information disclosure and a denial of service. (CVE-2024-22317)
Description

Summary

The remote administration API in IBM App Connect Enterprise is vulnerable to an information disclosure and denial of service vulnerability due to improper Brute Force protection. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

**CVEID:** CVE-2024-22317

**DESCRIPTION:** IBM App Connect Enterprise could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts.

CVSS Base score: 9.1

CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279143 for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM App Connect Enterprise | 12.0.1.0 – 12.0.11.0
IBM App Connect Enterprise | 11.0.0.1 – 11.0.0.24

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise.

Affected Product(s) | Version(s) | APAR | Remediation / Fixes
---|---|---|---
IBM App Connect Enterprise | 12.0.1.0 – 12.0.11.0 | IT45109 | The APAR (IT45109) is available from IBM App Connect Enterprise v12 – Security Fix Pack Release 12.0.11.1
IBM App Connect Enterprise | 11.0.0.1 – 11.0.0.24 | IT45109 | Interim Fix for APAR (IT45109) is available to apply to 11.0.0.24 from IBM Fix Central

Workarounds and Mitigations…
