High Severity
Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)
April 29, 2022
This fix removes the Apache Log4j.jar file from IBM Integration Designer.
CVE(s): CVE-2021-4104
Affected product(s) and affected version(s):
| Affected products | Versions |
| --- | --- |
| Integration Designer | 21.0.3 |
| Integration Designer | 21.0.2 |
| Integration Designer | 20.0.0.2 |
| Integration Designer | 19.0.0.2 |
| Integration Designer | 8.5.7 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6562361
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048
Security Bulletin: IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2022-22489)
August 18, 2022 | High Severity
IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack due to improper XML validation in the import Wizard.
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-35948 and CVE-2022-35949
August 18, 2022 | High Severity
Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API endpoint via an untrusted proxy. This bulletin provides patch information to address the reported vulnerabilities CVE-2022-35948 and CVE-2022-35949 in Node.js module undici.
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
August 18, 2022 | High Severity
IBM Security Guardium has addressed the following vulnerabilities.