26 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)
Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...
CVE-2025-26861
RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...
CVE-2025-26860
RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...
EUVD-2025-34515
RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...
PT-2025-42232
RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to incorrect binary execution [CVE-2025-47906]
Summary IBM App Connect Enterprise Certified Container operator and operands contain Golang binaries that are vulnerable to incorrect binary execution. This bulletin provides patch information to address the reported vulnerability in Golang module os/exec. CVE-2025-47906 Vulnerability Details...
Important: Red Hat Security Advisory: RHTAS 1.2.1 - Red Hat Trusted Artifact Signer Release
The 1.2.1 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.2 The RHTAS Operator can be used with OpenShift Container Platform 4.15, 4.16, 4.17, 4.18...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-37168] [CVE-2024-34890]
Summary Node.js is used by IBM App Connect Enterprise Certified Container as a runtime engine. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js modules ws and gRPC...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2024-3772]
Summary Python module Pydantic is used by IBM App Connect Enterprise Certified Container for validating values in the mapping assistant. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to regular expression denial of service. Th...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution due to [CVE-2022-1471]
Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for processing YAML configuration files. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to arbitrary code execution. This bulletin provides patch informatio...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use FTE nodes may be vulnerable to loss of confidentiality due to [CVE-2022-42436]
Summary The IBM MQ FTE agent is used in IBM App Connect Enterprise Certified Container by the FTE nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows containing FTE nodes may be vulnerable to loss of confidentiality. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0561
Summary LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0865
Summary LibTIFF is not used directly by IBM App Connect Enterprise Certified Container but is present in the DesignerAuthoring image used for mapping assistance, which may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution due to CVE-2015-20107
Summary Python is provided as part of the operating system modules in the IBM App Connect Enterprise Certified Container images, and is used by DesignerAuthoring instances when mapping assistance is enabled. IBM App Connect Enterprise Certified Container images may be vulnerable to arbitrary code...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2021-3634
Summary libssh is part of the base OS modules in all operand images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container is not directly vulnerable under standard operations, but custom use of the images may be vulnerable to arbitrary code execution...
Security Bulletin: IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors (CVE-2021-29906)
Summary IBM App Connect Enterprise may include the hash of an IBM Cloud API key that is used by an Integration Server in the Pod definition of that Integration Server. This is only present if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance o...
Security Bulletin: IBM App Connect Enterprise Certified Container Integration Servers may be vulnerable to a symlink attack due to CVE-2021-39134
Summary IBM App Connect Enterprise Certified Container Integration Server images may be vulnerable to a symlink attack that could alter the files on disk due to vulnerabilities in the Node module npm. The npm module is not used at runtime by IBM App Connect Enterprise itself, but anyone using the...