High Severity

Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to Denial of Service attacks due to CVE-2021-23362 and CVE-2021-27290

IBM App Connect Enterprise Certified Container images may be vulnerable to Denial of Service attacks due to regular expression DoS vulnerabilities in the Node module npm. The npm module is not used at runtime by IBM App Connect Enterprise itself, but anyone using the certified containers as a base for their own images may then have a version of npm that contains CVE-2021-23362 and CVE-2021-27290.

CVE(s): CVE-2021-23362, CVE-2021-27290

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| App Connect Enterprise Certified Container | 1.0 with Operator |
| App Connect Enterprise Certified Container | 1.1 with Operator |
| App Connect Enterprise Certified Container | 1.2 with Operator |
| App Connect Enterprise Certified Container | 1.3 with Operator |
| App Connect Enterprise Certified Container | 1.4 with Operator |
| App Connect Enterprise Certified Container | 1.5 with Operator |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6497077
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198792
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198144
