IBM App Connect Enterprise Toolkit can leak data

Important security updates have been released for IBM App Connect Enterprise Toolkit, InfoSphere and WebSphere.


Administrators of the affected IBM products should install the latest security updates. Otherwise, attackers could compromise the systems and, among other things, execute malicious code. So far there are no reports of the vulnerabilities being exploited in the wild.

The most dangerous is a vulnerability (CVE-2025-4949, rated "critical") in the Eclipse JGit component of IBM App Connect Enterprise Toolkit and of Integration Bus for z/OS Toolkit. It is an XML External Entity (XXE) flaw: when JGit processes an XML file prepared by an attacker, the parser resolves external entities declared in that file's DTD. A successful attack can disclose data from the affected system or trigger a denial of service. According to the developers, the problem is fixed in v13 Fix Pack Release 13.0.5.0.
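To make the mechanism behind such an XXE flaw concrete, here is an added example that is not part of the original article and not JGit code. JGit is written in Java; the example uses Python's standard-library SAX parser as a generic stand-in and runs the same attacker-controlled manifest through a parser that resolves external entities and through one that does not. The file name `secret.txt`, its content and the `<manifest>`/`<project>` element names are constructed for the demo.

```python
"""Added example: how an XXE flaw turns 'parse a crafted XML file' into
'read a local file'. Constructed demo with Python's stdlib SAX parser,
standing in for the Java XML parser behind the JGit issue described above."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed stand-in for a credential file on the developer's or build machine.
SECRET_CONTENT = "TOKEN=s3cr3t-example-value"


def write_secret_file() -> str:
    """Create the constructed secret file in a temp dir and return its absolute path."""
    path = os.path.join(tempfile.mkdtemp(), "secret.txt")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(SECRET_CONTENT)
    return path


def malicious_manifest(secret_path: str) -> str:
    """Constructed attacker input: the DTD declares an external entity whose
    SYSTEM identifier points at a local file, and the body references that
    entity inside element content (external entities are not allowed in
    attribute values, so element content is where such payloads go)."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE manifest [<!ENTITY xxe SYSTEM "{secret_path}">]>\n'
        "<manifest><project>&xxe;</project></manifest>\n"
    )


class ProjectTextCollector(ContentHandler):
    """Collects the text of every <project> element, the way a manifest
    parser would collect the values it is interested in."""

    def __init__(self):
        super().__init__()
        self.projects = []
        self._buf = None  # list while inside <project>, else None

    def startElement(self, name, attrs):
        if name == "project":
            self._buf = []

    def characters(self, content):
        # Called for ordinary text and for text pulled in via entity expansion.
        if self._buf is not None:
            self._buf.append(content)

    def endElement(self, name):
        if name == "project" and self._buf is not None:
            self.projects.append("".join(self._buf).strip())
            self._buf = None


def parse_projects(xml_doc: str, resolve_external_entities: bool) -> list:
    """Parse the manifest and return the <project> texts.

    resolve_external_entities=True  mirrors the vulnerable configuration: the
        parser opens whatever the DTD's SYSTEM identifier points at and splices
        the file content into the document.
    resolve_external_entities=False is the hardened configuration (and the
        Python default since 3.7.1): the external reference expands to nothing.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = ProjectTextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.StringIO(xml_doc))
    return handler.projects


def demo() -> dict:
    """Run the same attacker-controlled manifest through both configurations."""
    secret_path = write_secret_file()
    doc = malicious_manifest(secret_path)
    return {
        "vulnerable": parse_projects(doc, resolve_external_entities=True),
        "hardened": parse_projects(doc, resolve_external_entities=False),
    }


if __name__ == "__main__":
    result = demo()
    print("external entities resolved :", result["vulnerable"])  # leaks the secret file
    print("external entities disabled :", result["hardened"])    # empty text instead
```

In the vulnerable configuration the secret file's content appears as the text of `<project>`, which is exactly the information-disclosure outcome described above; pointing the same entity at a huge or never-ending file, or nesting entity declarations, gives the denial-of-service variant. The generic hardening is to disable external entity resolution (or reject DOCTYPE declarations altogether) in any parser that handles untrusted XML; for the affected IBM toolkits the practical fix is the update the article names.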

A command-execution vulnerability (CVE-2025-36245, rated "high") affects InfoSphere Information Server. Exploiting it requires authentication, but an authenticated attacker can then execute their own commands on the system.

The remaining vulnerabilities are rated "medium". Among other things, attackers can use them to knock out WebSphere Application Server with a denial-of-service attack. Admins can find further details on the vulnerabilities and the security updates in the linked alerts.


Most recently, IBM's developers closed DoS gaps in the data analysis platform SPSS Analytic Server.

List sorted by threat level in descending order:

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.