Security Bulletin: IBM App Connect Enterprise is vulnerable to an HTML injection attack (CVE-2024-28761)
Description

Summary

IBM App Connect Enterprise Admin API and Dashboard are vulnerable to an HTML injection attack. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

**CVEID:** CVE-2024-28761
**DESCRIPTION:** IBM App Connect Enterprise is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285245 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM App Connect Enterprise | 12.0.1.0 – 12.0.12.0
IBM App Connect Enterprise | 11.0.0.1 – 11.0.0.25

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise.

Affected Product(s) | Version(s) | APAR | Remediation / Fixes
---|---|---|---
IBM App Connect Enterprise | 12.0.1.0 – 12.0.12.0 | IT45956 | The APAR (IT45956) is available from IBM App Connect Enterprise v12 - Fix Pack Release 12.0.12.1
IBM App Connect Enterprise | 11.0.0.1 – 11.0.0.25 | IT45956 | The APAR (IT45956) is available from IBM App Connect Enterprise v11 - Fix Pack Release 11.0.0.26

Workarounds and Mitigations…
