Lucene search
K

83 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 1:36 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-62718)

Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...

9.9CVSS5.8AI score0.01186EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/05 1:55 p.m.5 views

CVE-2025-13491

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

5.1CVSS5.8AI score0.00148EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/12 2:4 p.m.8 views

CVE-2024-52362 IBM App Connect Enterprise Certified Container denial of service

IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper...

4.3CVSS6.7AI score0.00434EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]

Summary Node.js module elliptic is used by IBM App Connect Enterprise Certified Container for signature validation. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to denial of service and security restrictions bypass. This bulletin provide...

9.1CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.17 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution [CVE-2024-51465]

Summary IBM App Connect Enterprise Certified Container operator allows arbitrary code execution by an IntegrationRuntime or IntegrationServer due to insufficient checks on the operands configuration. This bulletin provides patch information to address the reported vulnerability in IBM App Connect...

8.8CVSS7.9AI score0.00664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/04 10:17 a.m.67 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.22 LTS, 12.0.6 LTS and 12.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

9.8CVSS9.3AI score0.66594EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 9:59 a.m.45 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

9.1CVSS8.9AI score0.36081EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2024/08/24 11:22 a.m.26 views

CVE-2022-43915 IBM App Connect Enterprise Certified Container

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...

6.8CVSS0.00389EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/23 10:5 a.m.17 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to priviledge escalation [CVE-2022-43915]

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to privilege escalation due to not limiting the unshare command. This bulletin provides patch information to address the reported vulnerability. CVE-2022-43915 Vulnerability Details CVEID:CVE-2022-43915 DESCRIPTION: IB...

8.1CVSS7.4AI score0.00389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/23 9:57 a.m.26 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service [CVE-2023-45288]

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to a Golang vulnerability. This bulletin provides patch information to address the reported vulnerability in the net/http and x/net/http2 packages. CVE-2023-45288 Vulnerability...

7.5CVSS7.7AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 10:37 a.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution

Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8CVSS8.3AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/01 5:3 p.m.49 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-38355]

Summary Socket.IO is used by IBM App Connect Enterprise Certified Container for real-time UI updates. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

7.3CVSS7AI score0.0069EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 3:26 p.m.28 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2024-33883]

Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for generating user interfaces in the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch...

4CVSS4.4AI score0.00614EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/23 2:7 p.m.50 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]

Summary Node.js module follow-redirects is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

6.5CVSS6.4AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/23 2:5 p.m.40 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service due to [CVE-2023-46809] [CVE-2024-21892] [CVE-2024-22019]

Summary Node.js is used by IBM App Connect Enterprise Certified Container as one of the main runtimes. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service. This bulletin provides patch information to address the reported...

7.8CVSS7.2AI score0.03168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 10:25 a.m.31 views

Security Bulletin: IBM App Connect Enterprise Certified Container instances that run or edit flows containing JSONata mapping are vulnerable to arbitrary code execution due to [CVE-2024-27307]

Summary JSONata is used by IBM App Connect Enterprise Certified Container flows for mapping and extracting values within a JSON document. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run or edit flows containing JSONata...

9.8CVSS9.8AI score0.01422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/07 3:31 p.m.31 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-24762]

Summary FastAPI is used by IBM App Connect Enterprise Certified Container for internal HTTP communications. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to addres...

9.8CVSS7.4AI score0.02621EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 2:15 p.m.53 views

Security Bulletin: App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.8CVSS9.5AI score0.03869EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/23 6:5 p.m.28 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to HTTP header injection due to [CVE-2023-29406]

Summary Golang Go is used by IBM App Connect Enterprise Certified Container in the operator catalog, the operator and its operands. The IBM App Connect Enterprise Certified Container operator and the IntegrationServer & IntegrationRuntime operands are vulnerable to HTTP header injection leading t...

6.5CVSS9.1AI score0.0125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/23 6:4 p.m.36 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to [CVE-2023-29409]

Summary Golang Go is used by IBM App Connect Enterprise Certified Container in the operator catalog, the operator and its operands. The IBM App Connect Enterprise Certified Container operator and the IntegrationServer & IntegrationRuntime operands are vulnerable to denial of service. This bulleti...

5.3CVSS9AI score0.01328EPSS
Exploits0Affected Software1
Rows per page
Query Builder