26 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to a command injection vulnerability (CVE-2021-23337)
Summary App Connect Enterprise may be vulnerable to a command injection vulnerability due to Node.js module lodash Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a...
Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling
Summary App Connect Enterprise Certified Container when running Desginer flows may be vulnerable to Denial of Service via to CVE-2020-8237, HTTP request smuggling via CVE-2020-8201 or buffer overflows via CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-8237 DESCRIPTION: Node.js json-bigint...
Security Bulletin: App Connect Enterprise Certified Container Operator and Integration Servers are vulnerable to code injection and Denial of Service attacks
Summary App Connect Enterprise Certified Container Operator and Integration Servers are vulnerable to code injection and Denial of Service attacks due to CVE-2020-28362, CVE-2020-28366 and CVE-2020-28367 Vulnerability Details CVEID: CVE-2020-28366 DESCRIPTION: Golang Go could allow a remote...
Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to man in the middle attack through use of OpenSSL (CVE-2019-1551)
Summary App Connect Enterprise Certified Container may be vulnerable to man in the middle attack through use of OpenSSL via CVE-2019-1551 Vulnerability Details CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x64...
Security Bulletin: App Connect Enterprise Certified Container Integration Servers could allow information exposure when using MQ (CVE-2020-4498)
Summary App Connect Enterprise Certified Container Integration Servers could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files when communicating with an MQ server due to CVE-2020-4498. Vulnerability Details CVEID: CVE-2020-4498...
Security Bulletin: App Connect Enterprise Certified Container Dashboard is vulnerable to clickjacking (CVE-2020-4785)
Summary App Connect Enterprise Certified Container Dashboard is vulnerable to a clickjacking attack that may cause an information leak. Vulnerability Details CVEID: CVE-2020-4785 DESCRIPTION: IBM App Connect Enterprise Certified Container could allow a remote attacker to hijack the clicking actio...