High Severity

Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling

App Connect Enterprise Certified Container, when running Designer flows, may be vulnerable to Denial of Service via CVE-2020-8237, HTTP request smuggling via CVE-2020-8201, or buffer overflows via CVE-2020-8252.

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
App Connect Enterprise Certified Container | 1.0.0 with Operator
App Connect Enterprise Certified Container | 1.0.1 with Operator
App Connect Enterprise Certified Container | 1.0.2 with Operator
App Connect Enterprise Certified Container | 1.0.3 with Operator
App Connect Enterprise Certified Container | 1.0.4 with Operator
App Connect Enterprise Certified Container | 1.0.5 with Operator

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6382230
