CVE-2024-49338

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

BM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.

References

Link	Resource
https://www.ibm.com/support/pages/node/7175396	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:app_connect_enterprise::::::::
	cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:::::::*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

13 Aug 2025, 00:24

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:app_connect_enterprise:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:::::::*
References	~~() https://www.ibm.com/support/pages/node/7175396 -~~	() https://www.ibm.com/support/pages/node/7175396 - Vendor Advisory
Summary		(es) IBM App Connect Enterprise 12.0.1.0 a 12.0.7.0 y 13.0.1.0 en ciertas configuraciones podrían permitir que un usuario privilegiado obtenga credenciales JMS.
First Time		Linux linux Kernel Ibm app Connect Enterprise Microsoft Linux Ibm Ibm aix Microsoft windows

18 Jan 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-18 15:15

Updated : 2025-08-13 00:24

NVD link : CVE-2024-49338

Mitre link : CVE-2024-49338

CVE.ORG link : CVE-2024-49338

JSON object : View

Products Affected

linux_kernel

windows

CWE

CWE-1323

Improper Management of Sensitive Trace Data

{"id": "CVE-2024-49338", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-01-18T15:15:07.433", "references": [{"url": "https://www.ibm.com/support/pages/node/7175396", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1323"}]}], "descriptions": [{"lang": "en", "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials."}, {"lang": "es", "value": "IBM App Connect Enterprise 12.0.1.0 a 12.0.7.0 y 13.0.1.0 en ciertas configuraciones podr\u00edan permitir que un usuario privilegiado obtenga credenciales JMS."}], "lastModified": "2025-08-13T00:24:57.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD5197A-F6D5-4216-A424-9FF6C3BD3E29", "versionEndExcluding": "12.0.12.8", "versionStartIncluding": "12.0.1.0"}, {"criteria": "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9009BDE0-3EA4-4689-B077-9C2B7DE58DC7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}