Low Severity

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to trusting expired certificates due to CVE-2021-22939

IBM App Connect Enterprise Certified Container may be vulnerable to trusting expired certificates due to CVE-2021-22939. This only affects Node.js runtime processes.

CVE(s): CVE-2021-22939

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
App Connect Enterprise Certified Container | 1.0 with Operator
App Connect Enterprise Certified Container | 1.1 with Operator
App Connect Enterprise Certified Container | 1.2 with Operator
App Connect Enterprise Certified Container | 1.3 with Operator
App Connect Enterprise Certified Container | 1.4 with Operator
App Connect Enterprise Certified Container | 1.5 with Operator
App Connect Enterprise Certified Container | 2.0 with Operator

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6507023
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/207233
