Use of a Key Past its Expiration Date

CVE-2024-31895

Medium

4.3/10

Summary

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-324 - Use of a Key Past its Expiration Date

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

References

Advisory Timeline

Published May 22, 2024

Use of a Key Past its Expiration Date

CVE-2024-31895

Summary

CWE-324 - Use of a Key Past its Expiration Date

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS