Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution (CVE-2026-3455)

Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module mailparsr CVE-2026-3455 Vulnerability Details...

CVE-2025-13490

CVE-2025-13490 affects IBM App Connect Operator CD versions 11.3.0–11.6.0, 12.1.0–12.20.0 and 12.0 LTS 12.0.0–12.0.20, plus IBM App Connect Enterprise Certified Containers operands CD 12.0.11.2‑r1–12.0.12.5‑r1 and 13.0.1.0‑r1–13.0.6.1‑r1 (and 12.0 LTS 12.0.12‑r1–12.0.12‑r20). The vulnerability is...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality (CVE-2025-13490)

Summary When an IBM App Connect Enterprise Certified Container IntegrationRuntime or IntegrationServer is configured to report metrics to a Prometheus instance in the OpenShift cluster, the metrics are sent over an unencrypted channel. This bulletin provides patch information to address the...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality (CVE-2026-22817, CVE-2026-22818)

Summary IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality due to Node.js module hono. This bulletin provides patch information to address the reported vulnerability in Node.js module hono CVE-2026-22817,...

CVE-2025-11093

An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment. By default, access ...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-8885], [CVE-2025-8916]

Summary Bouncycastle bcprov is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported...

Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory

Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2022-29972, has been codenamed "SynLapse" by researchers from Orca Security, who...

Upcoming improvements to Azure Data Factory and Azure Synapse Pipeline infrastructure in response to CVE-2022-29972

Executive Summary Microsoft recently mitigated and remediated a vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. The vulnerability was found in the third-party ODBC data connector used to connect to Amazon Redshift, in Integration Runtime IR in Azure Synapse Pipelines, and...

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Summary Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity ODBC driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration...

KLA12534 RCE vulnerability in Microsoft Azure

A remote code execution vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2022-29972 ADV220001 Related products Microsoft-Azure CVE list CVE-2022-29972 unknown Solution Install necessary updates from the K...