CVE-2024-52362: IBM App Connect Enterprise Certified Container denial of service
First published: Wed Mar 12 2025(Updated: )
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM App Connect Enterprise | >=7.2<=12.8 | |
| IBM App Connect | <=CD: 7.2.0 - 11.6.0, 12.1.0 - 12.8.2 12.0 LTS: 12.0.0 - 12.0.8 | |
| IBM App Connect Enterprise | <=CD: 12.0.7.0-r4 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.2.1-r1 12.0 LTS: 12.0.12-r1 - 12.0.12-r8 | |
| Ibm App Connect Enterprise Certified Containers Operands | =12.0.7.0-r4 | |
| Ibm App Connect Enterprise Certified Containers Operands | =12.0.12.5-r1 | |
| Ibm App Connect Enterprise Certified Containers Operands | =13.0.1.0-r1 | |
| Ibm App Connect Enterprise Certified Containers Operands | =13.0.2.1-r1 | |
| IBM App Connect | >=7.2<=11.6.0 | |
| IBM App Connect | >=12.0.0<12.9.0 | |
| IBM App Connect | >=12.1.0<=12.8.2 | |
| IBM App Connect | =12.0.12-r1 | |
| IBM App Connect | =12.0.12-r8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-52362?
CVE-2024-52362 has a medium severity level as it allows an authenticated user to cause a denial of service in the App Connect flow.
How do I fix CVE-2024-52362?
To fix CVE-2024-52362, ensure that you upgrade to the latest version of IBM App Connect Enterprise Certified Container that addresses this vulnerability.
Which versions are affected by CVE-2024-52362?
CVE-2024-52362 affects IBM App Connect Enterprise Certified Container versions from 7.2 to 12.8, along with some specified versions of App Connect Operator and ContainersOperands.
Can CVE-2024-52362 be exploited remotely?
CVE-2024-52362 requires authenticated access, meaning it cannot be exploited remotely without valid user credentials.
What impact does CVE-2024-52362 have on my application?
CVE-2024-52362 can lead to a denial of service, impacting the availability and performance of applications using IBM App Connect Enterprise.
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/description
- agent/first-publish-date
- agent/source
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/ibm
- canonical/ibm app connect enterprise
- canonical/ibm app connect
- version/ibm app connect/cd: 7.2.0 - 11.6.0, 12.1.0 - 12.8.2 12.0 lts: 12.0.0 - 12.0.8
- version/ibm app connect enterprise/cd: 12.0.7.0-r4 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.2.1-r1 12.0 lts: 12.0.12-r1 - 12.0.12-r8
- canonical/ibm app connect enterprise certified containers operands
- version/ibm app connect enterprise certified containers operands/12.0.7.0-r4
- version/ibm app connect enterprise certified containers operands/12.0.12.5-r1
- version/ibm app connect enterprise certified containers operands/13.0.1.0-r1
- version/ibm app connect enterprise certified containers operands/13.0.2.1-r1
- version/ibm app connect/7.2
- version/ibm app connect/11.6.0
- version/ibm app connect/12.0.0
- version/ibm app connect/12.1.0
- version/ibm app connect/12.8.2
- version/ibm app connect/12.0.12-r1
- version/ibm app connect/12.0.12-r8