Critical Severity

Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358)

IBM App Connect Enterprise v11 ships with Node.js, for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below.

CVE(s): CVE-2021-23358

Affected product(s) and affected version(s):

IBM App Connect Enterprise V11, V11.0.0.0 – V11.0.0.12

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6470841
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198958
