83 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-62718)
Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...
CVE-2025-13491
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...
CVE-2024-52362 IBM App Connect Enterprise Certified Container denial of service
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]
Summary Node.js module elliptic is used by IBM App Connect Enterprise Certified Container for signature validation. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to denial of service and security restrictions bypass. This bulletin provide...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution [CVE-2024-51465]
Summary IBM App Connect Enterprise Certified Container operator allows arbitrary code execution by an IntegrationRuntime or IntegrationServer due to insufficient checks on the operands configuration. This bulletin provides patch information to address the reported vulnerability in IBM App Connect...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.22 LTS, 12.0.6 LTS and 12.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
CVE-2022-43915 IBM App Connect Enterprise Certified Container
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to priviledge escalation [CVE-2022-43915]
Summary IBM App Connect Enterprise Certified Container operands are vulnerable to privilege escalation due to not limiting the unshare command. This bulletin provides patch information to address the reported vulnerability. CVE-2022-43915 Vulnerability Details CVEID:CVE-2022-43915 DESCRIPTION: IB...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service [CVE-2023-45288]
Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to a Golang vulnerability. This bulletin provides patch information to address the reported vulnerability in the net/http and x/net/http2 packages. CVE-2023-45288 Vulnerability...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution
Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-38355]
Summary Socket.IO is used by IBM App Connect Enterprise Certified Container for real-time UI updates. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2024-33883]
Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for generating user interfaces in the DesignerAuthoring operand. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]
Summary Node.js module follow-redirects is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service due to [CVE-2023-46809] [CVE-2024-21892] [CVE-2024-22019]
Summary Node.js is used by IBM App Connect Enterprise Certified Container as one of the main runtimes. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container instances that run or edit flows containing JSONata mapping are vulnerable to arbitrary code execution due to [CVE-2024-27307]
Summary JSONata is used by IBM App Connect Enterprise Certified Container flows for mapping and extracting values within a JSON document. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run or edit flows containing JSONata...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-24762]
Summary FastAPI is used by IBM App Connect Enterprise Certified Container for internal HTTP communications. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to addres...
Security Bulletin: App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to HTTP header injection due to [CVE-2023-29406]
Summary Golang Go is used by IBM App Connect Enterprise Certified Container in the operator catalog, the operator and its operands. The IBM App Connect Enterprise Certified Container operator and the IntegrationServer & IntegrationRuntime operands are vulnerable to HTTP header injection leading t...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service due to [CVE-2023-29409]
Summary Golang Go is used by IBM App Connect Enterprise Certified Container in the operator catalog, the operator and its operands. The IBM App Connect Enterprise Certified Container operator and the IntegrationServer & IntegrationRuntime operands are vulnerable to denial of service. This bulleti...