524 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer Flows containing event nodes are vulnerable to loss of confidentiality [CVE-2024-38372]
Summary Node.js undici module is used by IBM App Connect Enterprise Certified Container for HTTP calls. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer flows that contain event nodes are vulnerable to loss of confidentiality. This...
Introducing the Wiz Certified Program: Validate Your Expertise and Showcase Your Mastery!
The Wiz Certified program refines your cloud security skills to help you grow your career and stand out among your industry peers...
IBM App Connect Enterprise Certified Container Security Vulnerability
IBM App Connect Enterprise Certified Container is an image based on the IBM App Connect Enterprise software product from International Business Machines (IBM). The package is provided as an executable file that can be deployed and run in a containerized environment. A security vulnerability exists ...
PT-2025-1368 · Ibm · Ibm App Connect Enterprise Certified Container
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 7.1 through 12.7 Description: The issue concerns the IBM App Connect Enterprise Certified Container, where Pods used for internal infrastructure do not restrict network egress. This coul...
Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2023-24534]
Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2023-24534 Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution [CVE-2024-51465]
Summary IBM App Connect Enterprise Certified Container operator allows arbitrary code execution by an IntegrationRuntime or IntegrationServer due to insufficient checks on the operands configuration. This bulletin provides patch information to address the reported vulnerability in IBM App Connect...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]
Summary Node.js module elliptic is used by IBM App Connect Enterprise Certified Container for signature validation. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to denial of service and security restrictions bypass. This bulletin provide...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-21536]
Summary Node.js module http-proxy-middleware is used by IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring components, which are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-47554]
Summary Apache Commons IO is used by IBM App Connect Enterprise Certified Container by the IntegrationServer and IntegrationRuntime operands. These operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Apache Commons IO...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-7254]
Summary The Google Protocol Buffers package is used by IBM App Connect Enterprise Certified Container for processing DFDL message definitions. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime that use the DFDL parser are vulnerable to denial of service. This...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypassing security restrictions [CVE-2024-47764]
Summary Node.js module cookie is used by IBM App Connect Enterprise Certified Container for parsing HTTP cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability ...
CVE-2022-22491 IBM App Connect Enterprise Certified Container denial of service
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the...
CVE-2024-51465
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
CVE-2024-51465
CVE-2024-51465 affects IBM App Connect Enterprise Certified Container versions 11.4–12.3 and enables a remote authenticated attacker to execute arbitrary commands via a specially crafted request (OS command injection). The IBM bulletin confirms a vulnerability in the IntegrationRuntime/Integratio...
CVE-2024-51465 IBM App Connect Enterprise Certified Container command execution
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.22 LTS, 12.0.6 LTS and 12.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
PT-2024-34641 · Ibm · Ibm App Connect Enterprise Certified Container
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 11.4 through 12.3 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This could potentially...
Asterisk AMI Originate Authenticated RCE
On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. A new extension can be written which performs a system command to...