Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-24398, CVE-2026-24472, CVE-2026-24473, CVE-2026-24771)

Summary Node.js module Hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate insufficiently strong keystore passwords [CVE-2025-1827]

Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate keystores on startup for storing keys and certificates. These are generated with an insufficiently strong password. This bulletin provides patch information to address the reported...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka nodes are vulnerable to privilege escalation [CVE-2024-31141]

Summary The Apache Kafka client is used by IBM App Connect Enterprise Certified Container for the Kafka client nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run toolkit flows containing Kafka nodes are vulnerable to privilege...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-47554]

Summary Apache Commons IO is used by IBM App Connect Enterprise Certified Container by the IntegrationServer and IntegrationRuntime operands. These operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Apache Commons IO...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-7254]

Summary The Google Protocol Buffers package is used by IBM App Connect Enterprise Certified Container for processing DFDL message definitions. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime that use the DFDL parser are vulnerable to denial of service. This...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use MQ are vulnerable to denial of service [CVE-2024-25016]

Summary IBM MQ is used by IBM App Connect Enterprise Certified Container for MQ communications and for state storage by Toolkit flows that contain MQ, Aggregation and Collector nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable t...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-31904]

Summary Calls to the Admin API in IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability. CVE-2024-31904 Vulnerability Details...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service due to [CVE-2024-24788]

Summary Golang Go is used by a parent process in the IntegrationServer and IntegrationRuntime operands of IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality due to [CVE-2024-30260] [CVE-2024-30261]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when processing batches in Designer flows. IBM App Connect Enterprise Certified Container IntergationServer and IntegrationRuntime operands that run flows that contain batch processes are vulnerable to loss of...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands may be vulnerable to denial of service

Summary The Bouncy Castle Crypto Package For Java is used by the MQ Client in IBM App Connect Enterprise Certified Container IntegrationServers and IntegrationRuntimes. This bulletin provides patch information to address the reported vulnerability in the Bouncy Castle Crypto Package For Java...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the MQ clients and CCDT files are vulnerable to denial of service due to [CVE-2023-38039]

Summary Libcurl is used by the MQ Client code in IBM App Connect Enterprise Certified Container for downloading CCDT information. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the MQ clients and CCDT files are vulnerable to denial of...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service

Summary snappy-java is used by IBM App Connect Enterprise Certified Container by the Kafka connectors. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the...

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service due to [CVE-2022-28948]

Summary Go-Yaml is used internally by IBM App Connect Enterprise Certified Container for reading YAML configuration. IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Google PubSub nodes are vulnerable to arbitrary code execution due to [CVE-2023-36665]

Summary Node.js module protobuf.js is used by IBM App Connect Enterprise Certified Container by the Google PubSub node. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Google PubSub node are vulnerable to arbitrary code execution. This...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands are vulnerable to denial of service due to [CVE-2022-21349]

Summary Java is used by IBM App Connect Enterprise Certified Container IntegrationServers. IBM App Connect Enterprise Certified Container IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Java...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution due to [CVE-2022-1471]

Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for processing yaml configuration files. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution. This bulletin provides patch informatio...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows is vulnerable to arbitrary code execution due to [CVE-2022-37614]

Summary Node.js module mockery is not used directly by IBM App Connect Enterprise Certified Container but is present in some of the images. IBM App Connect Enterprise Certified Container IntegrationServer operands that run Designer flows may be vulnerable to arbitrary code execution. This bulleti...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2021-22569]

Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2022-3510]

Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2022-3509]

Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...