High Severity

Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution due to async ( CVE-2021-43138) and nconf (CVE-2022-21803)

Share this post:

IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution, due to the async (CVE-2021-43138) and nconf (CVE-2022-21803) modules for Node.js. A mitigation has been provided for IBM Integration Bus. The latest fix packs for IBM App Connect Enterprise includes async >=3.2.3 and nconf 0.12.0

CVE(s): CVE-2021-43138, CVE-2022-21803

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM App Connect Enterprise 12.0.1.0 – 12.0.4.0
IBM App Connect Enterprise 11.0.0.0 – 11.0.0.17
IBM Integration Bus 10.0.0.0 – 10.0.0.26

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6601137
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223605
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224357

More stories

Security Bulletin: Vulnerabilities in vCenter affect IBM Cloud Pak System (CVE-2021-21980, CVE-2021-22049 )

August 13, 2022 | High Severity

Vulnerabilities have beein found in VMware vCenter. vCenter is shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. ...read more


Security Bulletin: Vulnerability in polkit affects Cloud Pak System ( CVE-2021-4034)

August 13, 2022 | High Severity

Polkit is used by IBM Cloud System OS. This security bulletin service applies to IBM Cloud System , IBM Cloud System Software and IBM Cloud System Software Suite. ...read more


Security Bulletin: Vulnerability in IBM SAN Volume Controller, IBM Storwize, and IBM FlashSystem shipped with Cloud Pak System

August 13, 2022 | High Severity

Vulnerability found in IBM SAN Volume Controller, IBM Storwize, and IBM FlashSystem shipped with Cloud Pak System. Cloud Pak System has addressed this vulnerability. ...read more