IBM App Connect Enterprise Certified Container with malicious code vulnerability

In current versions, IBM developers have closed a vulnerability in App Connect Enterprise Certified Container.

Due to a "critical" vulnerability in a Node.js module, attackers can attack systems running IBM App Connect Enterprise Certified Container with malicious code. Given the classification of the vulnerability, it can be assumed that affected computers are then completely compromised. Security patches are available for download.

The developers list the affected versions in a warning message. Versions 5.0.22, 12.0.6 and 12.6.0 are protected against possible attacks exploiting the vulnerability (CVE-2024-21534). So far there are no reports of ongoing attacks. It also remains unclear how admins can recognize PCs that have already been compromised.

The developers state that the jsonpath-plus module, which is used for processing JSON configurations, does not check input sufficiently, meaning that malicious code can get onto systems.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.