Security Bulletin: IBM App Connect Enterprise Certified Container flows that use the Box or Databricks connectors are vulnerable to loss of confidentiality (CVE-2026-27699)

Summary Node.js module basic-ftp is used by IBM App Connect Enterprise Certified Container in the connectors for Box and Databricks. IBM App Connect Enterprise Certified Container IntergationRuntime and IntegrationServer operands that run flows containing Box or Databricks connectors are vulnerab...

Security Bulletin: IBM App Connect Enterprise Certified Container flows using Box are vulnerable to loss of confidentiality due to [CVE-2024-24758]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for communicating with Box in the Box connector. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows using the Box connector are vulnerable to loss o...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and Integration Runtime operands that run Designer flows containing a Box node may be vulnerable to arbitrary code execution due to [CVE-2023-29199]

Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container for communications with Box via the Box connector. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer flows containing a Box node may be vulnerable ...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code execution due to [CVE-2022-36067]

Summary Node.js module vm2 is used by the Box connector in IBM App Connect Enterprise Certified Container IntegrationServer operands. IBM App Connect Enterprise Certified Container IntegrationServer operands that use the Box connector may be vulnerable to arbitrary code injection. This bulletin...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServers that use the Box connector may be vulnerable to arbitrary code execution due to CVE-2021-23555

Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container by the Box connector in a Designer flow. IBM App Connect Enterprise Certified Container IntegrationServers that use the Box connector may be vulnerable to CVE-2021-23555. This bulletin provides patch information ...