IBM App Connect Enterprise
By the Year
In 2026 there has been 1 vulnerability in IBM App Connect Enterprise, with an average score of 5.1 out of ten. Last year, in 2025, App Connect Enterprise had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in App Connect Enterprise in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.80.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 5.10 |
| 2025 | 3 | 5.90 |
| 2024 | 9 | 6.01 |
| 2023 | 4 | 5.33 |
It may take a day or so for new App Connect Enterprise vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM App Connect Enterprise Security Vulnerabilities
IBM App Connect CE Container Untrusted Search Path Enables Sens Access (12.19)
CVE-2025-13491
5.1 - Medium
- February 05, 2026
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
Untrusted Path
IBM App Connect Enterprise 12-13.0.x Missing Auth: Unauthorized Resource Access
CVE-2025-36361
6.3 - Medium
- October 24, 2025
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
AuthZ
IBM App Connect EE 12-13: Authenticated Arbitrary File Write
CVE-2025-0799
6.5 - Medium
- February 06, 2025
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.
Directory traversal
IAM Priv Esc in IBM App Connect 12.0-13 JMS Credentials Leak
CVE-2024-49338
4.9 - Medium
- January 18, 2025
IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.
Improper Management of Sensitive Trace Data
IBM App Connect Enterprise Certified Container: Remote Command Execution Vulnerability
CVE-2024-51465
8.8 - High
- December 04, 2024
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
Shell injection
IBM App Connect Enterprise <=12.0.12.1 Exp Token Disclosure
CVE-2024-31895
6.5 - Medium
- May 22, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
Operation on a Resource after Expiration or Release
Auth Token Abuse in IBM App Connect 12.0.x (pre-12.0.12.1)
CVE-2024-31894
4.3 - Medium
- May 22, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
Operation on a Resource after Expiration or Release
IBM App Connect Ent 12.0.1.0-12.0.12.1 Auth user accesses calendar exp token
CVE-2024-31893
4.3 - Medium
- May 22, 2024
IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
Operation on a Resource after Expiration or Release
IBM App Connect Enterprise 11.x/12.x Auth DoS via Uncaught Exception
CVE-2024-31904
6.5 - Medium
- May 22, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
Uncaught Exception
IBM App Connect Enterprise 11.x/12.x DoS via Dashboard Resource Allocation
CVE-2024-28760
4.3 - Medium
- May 14, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.
Allocation of Resources Without Limits or Throttling
HTML Injection in IBM App Connect Enterprise 11.0.x25 / 12.0.x12 (ACP)
CVE-2024-28761
5.4 - Medium
- May 14, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.
XSS
IBM App Connect Enterprise 11.x/12.x Sensitive Log Exposure
CVE-2024-22356
4.9 - Medium
- March 26, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.
Output Sanitization
IBM App Connect Enterprise 11.0.0.1-24 / 12.0.1.0-11.0 Auth Brute-Force
CVE-2024-22317
9.1 - Critical
- January 18, 2024
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
Improper Restriction of Excessive Authentication Attempts
DOS on IBM ACE/IIB Nodes (Windows) pre-11.0.0.24/12.0.10/10.1.0.1
CVE-2023-45176
5.5 - Medium
- October 14, 2023
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.
IBM App Connect Enterprise API log data leak (12.0.1.0-12.0.8)
CVE-2023-40682
4.4 - Medium
- October 13, 2023
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.
Insertion of Sensitive Information into Log File
Buffer Overflow in IBM App Connect Enterprise 11.0.0.8-19, 12.0.1.0-12.0.5.0
CVE-2022-42444
6.5 - Medium
- February 12, 2023
IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.
Classic Buffer Overflow
IBM App Connect Enterprise Credential Disclosure in Discovery Connector 11.x/12.x
CVE-2022-42439
4.9 - Medium
- February 06, 2023
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system's credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
Insertion of Sensitive Information into Log File