Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoriong operands are vulnerable to cross-site scripting (GHSA-h8r8-wccr-v5f2, GHSA-cjmm-f4jc-qw8r) and prototype polution (GHSA-cj63-jhhr-wcxv)

Summary Node.js module dompurify is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting GHSA-h8r8-wccr-v5f2, GHSA-cjmm-f4jc-qw8r and prototype polution GHSA-cj63-jhhr-wcxv. This...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting (CVE-2025-15599, CVE-2026-0540) and loss of confidentiality (CVE-2025-68470, CVE-2026-22029)

Summary Node.js modules DomPurify and React Router are used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting CVE-2025-15599, CVE-2026-0540 and loss of confidentiality CVE-2025-68470,...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-2251]

Summary Node.js module yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilit...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-27405

Summary FreeType is not used directly by IBM App Connect Enterprise Certified Container but is present as an operating system module in the DesignerAuthoring image used for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance ma...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to arbitrary code execution CVE-2022-23943

Summary Apache HTTP Server is used by IBM App Connect Enterprise Certified Container for Mapping Assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use Mapping Assistance may be vulnerable to arbitrary code execution. This bulletin provides patch informatio...