EUVD-2026-32271

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution (CVE-2026-3455)

Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module mailparsr CVE-2026-3455 Vulnerability Details...

CVE-2025-13490

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1...

CVE-2025-13490

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1...

CVE-2025-13490 IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1...

EUVD-2025-208249

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1...

PT-2026-22794

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1...

IBM MQ 安全漏洞

IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable, proven messaging backbone for Service Oriented Architecture SOA. IBM-supplied MQ Advanced container images are standard container images officially provided by IBM,...

EUVD-2025-34516

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVE-2025-26861

CVE-2025-26861 affects RemoteCall Remote Support Program (for Operator). The vulnerability is an uncontrolled search path element (CWE-427) in versions prior to 5.3.0, which could allow arbitrary code execution if a crafted DLL is placed in the same folder as the affected product. Public sources ...

CVE-2025-26860

The CVE-2025-26860 entry concerns RemoteCall Remote Support Program (for Operator) prior to version 5.1.0. The vulnerability is an uncontrolled search path element (CWE-427) that can allow arbitrary code execution if a crafted DLL is placed in the application’s folder. Documents confirm the root ...

CVE-2025-27365

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it...

CVE-2025-1333

IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information t...

PT-2025-15871 · Canonical · Charmed Mysql Machine Operator +1

Name of the Vulnerable Software and Affected Versions: Charmed MySQL K8s operator versions prior to revision 221 Charmed MySQL machine operator versions prior to revision 338 Description: The Charmed MySQL K8s operator has a method for calling SQL DDL or python-based mysql-shell scripts that can...

GHSA-29WX-VH33-7X7R vulnerabilities

Vulnerabilities for packages: flux-source-controller-fips, zot, traefik, trivy-fips, skaffold, boring-registry, terraform, ko, temporal-fips, git-sync, kaniko, harbor, keda, falcoctl, crossplane-provider-azure-authorization, kyverno-fips, keda-fips, vault, harbor-fips, azuredisk-csi-fips,...

PT-2024-28982 · Ibm · Ibm Mq +1

Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.3 CD and 9.4 LTS/CD IBM MQ Operator versions 2.0.26 and 3.2.4 Description: The issue is related to improper memory allocation, which can cause a segmentation fault, allowing a local user to cause a denial of service...

PT-2024-28657 · Ibm · Ibm Mq Container Developer Edition +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.24 through 3.2.2 IBM MQ Container Developer Edition affected versions not specified Description: The issue is caused by incorrect memory de-allocation, leading to a denial of service. A remote attacker could explo...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer components that use Designer flows may be vulnerable to CVE-2022-1233

Summary Node.js module URI.js is used by IBM App Connect Enterprise Certified Container for processing URIs in Designer flows. IBM App Connect Enterprise Certified Container IntegrationServers that Designer flows may be vulnerable to CVE-2022-1233. This bulletin provides patch information to...

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2021-22918

Summary IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2021-22918. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22918 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an out-of-bounds read ...