Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-39892, CVE-2026-34073) and arbitrary code execution (CVE-2026-40087)

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality CVE-2026-39892, CVE-2026-34073. Dashboard operands that use the App Connect Enterprise Agent are vulnerable to arbitrary code execution...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality, denial of service and cross-site scripting

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, GHSA-39q2-94rc-95cp, denial of service CVE-2026-33151, CVE-2026-32288 and cross-site scripting CVE-2026-27142. This bulletin...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS (CVE-2026-33230), denial of service (CVE-2026-33231, GHSA-rf74-v2fm-23pw) and path traversal (CVE-2026-33236)

Summary Python module NLTK is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to cross-site scripting CVE-2026-33230, denial of service CVE-2026-3323...

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

CVE-2025-13491

CVE-2025-13491 affects IBM App Connect Enterprise Certified Container. Affected: CD up to 12.19.0 and 12.0 LTS. Root cause: untrusted search path that could allow an attacker to access sensitive files or modify configurations; impact described as confidentiality/integrity concerns with low severi...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to arbitrary code execution due to [CVE-2020-36604]

Summary Node.js module hoek is used by IBM App Connect Enterprise Certified Container Designer connectors. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that execute Designer flows may be vulnerable to arbitrary code execution. This bulletin...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to denial of service due to CVE-2020-13950

Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to denial of service. This bulletin provides patch information to...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to denial of service due to CVE-2022-22719

Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to denial of service. This bulletin provides patch information to...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to denial of service due to CVE-2022-21681

Summary Node.js module marked is used by IBM App Connect Enterprise Certified Container when creating an API-based Designer flow. IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to regular expression denial of service. This bulletin provides patch...

Security Bulletin: IBM App Connect Enterprise Certified Container Designer Authoring components may be vulnerable to a denial of service attack (CVE-2020-28477)

Summary A Designer Authoring component in App Connect Enterprise Certified Container may be vulnerable to a denial of service vulnerability due to a prototype polution vulnerability in one of the UI's dependencies Vulnerability Details CVEID: CVE-2020-28477 DESCRIPTION: Node.js immer module is...

Security Bulletin: App Connect Enterprise Certified Container Designer instances may be vulnerable to CVE-2020-7760

Summary Some flow editor dialogs in a Designer instance App Connect Enterprise Certified Container may be vulnerable to a regular expression denial of service flaw that could make that Designer instance unresponsive. Vulnerability Details CVEID: CVE-2020-7760 DESCRIPTION: Node.js codemirror modul...