Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution due to async (CVE-2021-43138) and nconf (CVE-2022-21803)
July 4, 2022
Categorized: High Severity
IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution due to the async (CVE-2021-43138) and nconf (CVE-2022-21803) modules for Node.js. A mitigation has been provided for IBM Integration Bus. The latest fix packs for IBM App Connect Enterprise include async >=3.2.3 and nconf 0.12.0.
CVE(s): CVE-2021-43138, CVE-2022-21803
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| IBM App Connect Enterprise | 12.0.1.0 – 12.0.4.0 |
| IBM App Connect Enterprise | 11.0.0.0 – 11.0.0.17 |
| IBM Integration Bus | 10.0.0.0 – 10.0.0.26 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6601137
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223605
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224357
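To confirm after patching that no older bundled copy of either module remains, the following added example (not IBM code and not part of the bulletin) walks an installation directory and reports every `async` or `nconf` copy below the versions quoted above. The function names and the sample directory layout are assumptions made for illustration; the version thresholds are taken from the bulletin text.

```javascript
// Added example, not IBM code. Minimum versions are the ones quoted in the bulletin text.
const fs = require("fs"), os = require("os"), path = require("path");
const MINIMUM = new Map([["async", "3.2.3"], ["nconf", "0.12.0"]]);
// Compare dotted numeric versions; pre-release and build suffixes are ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk `root` and report every tracked module below its minimum, including nested copies.
function findOutdated(root) {
  const findings = [];
  const walk = (dir) => {
    let entries;
    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
    for (const e of entries) {
      if (!e.isDirectory()) continue; // symlinks are not followed, so no cycles
      const full = path.join(dir, e.name);
      if (path.basename(dir) === "node_modules" && MINIMUM.has(e.name)) {
        try {
          const { version } = JSON.parse(fs.readFileSync(path.join(full, "package.json"), "utf8"));
          if (compareVersions(version, MINIMUM.get(e.name)) < 0)
            findings.push({ module: e.name, version, path: full });
        } catch { /* missing or unreadable package.json: nothing to compare */ }
      }
      walk(full);
    }
  };
  walk(root);
  return findings;
}

// Constructed sample tree (hypothetical layout) so the scan can be run offline.
function makeSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "bundle-scan-"));
  const sample = { "node_modules/async": "2.6.1", "node_modules/nconf": "0.12.0",
    "node_modules/foo/node_modules/async": "3.2.3", "node_modules/bar/node_modules/nconf": "0.11.3" };
  for (const [rel, version] of Object.entries(sample)) {
    fs.mkdirSync(path.join(root, rel), { recursive: true });
    fs.writeFileSync(path.join(root, rel, "package.json"), JSON.stringify({ version }));
  }
  return root;
}
```

Call `findOutdated()` with the product's installation directory; an empty result means no copy below the quoted versions was found in the scanned tree, and any finding should be resolved through the fix pack or mitigation in the source bulletin rather than by editing the bundled modules.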