Security Bulletin: IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2022-30631

Summary The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands utilise Golang Go. The IBM App Connect Enterprise Certified Container operator and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that process yaml files may be vulnerable to denial of service due to CVE-2022-25857

Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for parsing YAML files, including IntegrationServer configuration files. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that process JSON data may be vulnerable to denial of service due to CVE-2020-36518

Summary FasterXML jackson-databind is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container IntegrationServer operands that process JSON data may be vulnerable to denial of service. This bulletin provides patch information ...

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-44716

Summary IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2021-44716. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: Golang Go i...

Security Bulletin: IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service due to CVE-2021-39293

Summary IBM App Connect Enterprise Certified Container Operator and IntegrationServer operands may be vulnerable to denial of service if forced to process a malicious archive stream. This bulletin provides patch information to address the reported vulnerability CVE-2021-39293. Vulnerability Detai...

Security Bulletin: IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server operands that use the JDBC connector may be vulnerable to remote code execution due to CVE-2021-44228

Summary Log4J is used by IBM App Connect Enterprise Certified Container for logging when generating a bar file that contains a JDBC connector and when running a flow that contains a JDBC connector. IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server...

Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to a symlink attack due to CVE-2021-39134

Summary IBM App Connect Enterprise Certified Container Integration Server images may be vulnerable to a symlink attack that could alter the files on disk due to vulnerabilities in the Node module npm. The npm module is not used at runtime by IBM App Connect Enterprise itself, but anyone using the...

Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2020-7720

Summary The App Connect Enterprise Certified Container connectors are vulnerable to CVE-2020-7720 Vulnerability Details CVEID: CVE-2020-7720 DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the...