Medium Severity

Security Bulletin: IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors (CVE-2021-29906)


IBM App Connect Enterprise may include, in the Pod definition of an Integration Server, the hash of the IBM Cloud API key that the Integration Server uses. The hash is present only if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance of IBM App Connect.

CVE(s): CVE-2021-29906

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 1.0 with Operator |
| App Connect Enterprise Certified Container | 1.1 with Operator |
| App Connect Enterprise Certified Container | 1.2 with Operator |
| App Connect Enterprise Certified Container | 1.3 with Operator |
| App Connect Enterprise Certified Container | 1.4 with Operator |
| App Connect Enterprise Certified Container | 1.5 with Operator |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6497177
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/207630
