42 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting (GHSA-h8r8-wccr-v5f2, GHSA-cjmm-f4jc-qw8r) and prototype pollution (GHSA-cj63-jhhr-wcxv)
Summary Node.js module dompurify is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting GHSA-h8r8-wccr-v5f2, GHSA-cjmm-f4jc-qw8r and prototype pollution GHSA-cj63-jhhr-wcxv. This...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting (CVE-2025-15599, CVE-2026-0540) and loss of confidentiality (CVE-2025-68470, CVE-2026-22029)
Summary Node.js modules DOMPurify and React Router are used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting CVE-2025-15599, CVE-2026-0540 and loss of confidentiality CVE-2025-68470,...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality (CVE-2026-27959)
Summary Node.js module Koa is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Node.js modu...
CVE-2025-1993
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution [CVE-2024-47175]
Summary OpenPrinting libppd is present as a Red Hat package in the IBM App Connect Enterprise Certified Container images used by the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to arbitrary code execution [CVE-2022-48622] [CVE-2023-23931] [CVE-2024-35195] [CVE-2024-39689]
Summary The IBM App Connect Enterprise Certified Container image that provides the mapping assistance capability to the DesignerAuthoring operand includes several Python-based Red Hat packages that contain vulnerabilities. IBM App Connect Enterprise Certified Container DesignerAuthoring operands...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to [CVE-2023-37920]
Summary Python module Certifi is used by mapping assistance in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to trusting untrusted certificates. This bulletin provides patch...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to multiple CVEs in Avahi
Summary Avahi is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring operand images. Avahi is vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Avahi. CVE-2023-38469,...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-3576]
Summary libtiff is not used directly by IBM App Connect Enterprise Certified Container but is present in one of the DesignerAuthoring images. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2017-6519]
Summary Avahi is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring operand images. Avahi is vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Avahi. CVE-2017-6519 Vulnerabili...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality due to [CVE-2023-32681]
Summary Python module Requests is used by IBM App Connect Enterprise Certified Container for making HTTPS calls in mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-2800]
Summary Hugging Face Transformers is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information t...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-32695]
Summary Node.js module Socket.IO is used by IBM App Connect Enterprise Certified Container for updating a DesignerAuthoring webconsole. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to addres...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-31125]
Summary npm module Engine.IO is used by IBM App Connect Enterprise Certified Container for updating the webconsole in a DesignerAuthoring instance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch informati...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution due to [CVE-2023-30547]
Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container in Designer flows by the Box connector. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-2251]
Summary Node.js module yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilit...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [X-Force 247595]
Summary Encode Starlette is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service. This bulletin provides patch information to...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands may be vulnerable to cross-site scripting due to IBM X-Force ID 239963
Summary IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands did not set the "object-src" directive of the Content Security Policy (CSP) header. This may allow injection of arbitrary code into the Web UI. This bulletin provides patch information to address the reported vulnerability...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-25927]
Summary Node.js module ua-parser-js is used by IBM App Connect Enterprise Certified Container DesignerAuthoring instances. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2023-21830, CVE-2023-21835, CVE-2023-21843]
Summary Java SE is used in IBM App Connect Enterprise Certified Container by the component that stores DesignerAuthoring flows and by the component that provides mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service...