Security update: Various attacks on IBM App Connect Enterprise possible
IBM's integration platform App Connect Enterprise is vulnerable. Attackers can exploit several vulnerabilities.
IBM App Connect Enterprise can be attacked via several security vulnerabilities, one of which is rated “critical”. Among other things, attackers can gain higher user privileges. Security updates are available for download.
Protect systems from possible attacks
As indicated in a warning message, the vulnerabilities affect various software components, such as the JSON parser flatted, which contains the critical vulnerability (CVE-2026-33228). Due to insufficient checks, attackers can send crafted JSON data to vulnerable instances as part of a prototype pollution attack and thus, for example, gain higher user privileges.
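As a generic illustration of the bug class named above (an added example, not code from flatted, IBM, or the warning message, and not a reproduction of CVE-2026-33228), the following input guard rejects JSON whose object keys could be used for prototype pollution. The function names and sample payloads are constructed for this sketch, and it assumes the risky names appear as literal object keys in the JSON text.

```javascript
// Added illustration: reject JSON input carrying prototype-pollution keys.
// Generic to the bug class; it does not reproduce the flatted flaw itself.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk a parsed JSON value iteratively (no recursion, so deeply nested
// input cannot exhaust the call stack) and collect paths of risky keys.
function findPollutionKeys(root) {
  const hits = [];
  const stack = [{ value: root, path: '$' }];
  while (stack.length > 0) {
    const { value, path } = stack.pop();
    if (value === null || typeof value !== 'object') continue;
    const isArray = Array.isArray(value);
    for (const key of Object.keys(value)) {
      const childPath = isArray ? `${path}[${key}]` : `${path}.${key}`;
      if (!isArray && DANGEROUS_KEYS.has(key)) hits.push(childPath);
      stack.push({ value: value[key], path: childPath });
    }
  }
  return hits.sort();
}

// Parse untrusted text and refuse it when any risky key is present.
// JSON.parse stores "__proto__" as an ordinary own property, so the scan
// sees it before any later merge or revive step could act on it.
function parseUntrustedJson(text) {
  const parsed = JSON.parse(text);
  const hits = findPollutionKeys(parsed);
  if (hits.length > 0) {
    const err = new Error(`rejected JSON: risky keys at ${hits.join(', ')}`);
    err.hits = hits;
    throw err;
  }
  return parsed;
}

// Constructed sample inputs (not taken from the warning message).
const BENIGN = '{"order":{"id":7,"items":[{"sku":"A1"}]}}';
const SUSPECT = '{"order":{"__proto__":{"isAdmin":true}},"list":[{"constructor":{}}]}';

function demo() {
  const results = [];
  for (const text of [BENIGN, SUSPECT]) {
    try { parseUntrustedJson(text); results.push('accepted'); }
    catch (e) { results.push(e.hits ? e.hits.join('|') : 'invalid JSON'); }
  }
  return results;
}
console.log(demo());
```

A guard like this is defense in depth at an input boundary and can flag legitimate documents that happen to use a key such as "constructor"; it does not replace installing the fixed releases.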
Due to a DoS vulnerability in fast-xml-parser (CVE-2026-33036 “high”), crashes can occur. Details on the other vulnerabilities now closed can be found in the linked warning message.
The developers state that the security issues have been resolved in IBM App Connect Enterprise v12 - Fix Pack Release 12.0.12.25 and IBM App Connect Enterprise v13 - Fix Pack Release 13.0.7.0. So far, there are no reports of attackers exploiting the vulnerabilities.
(des)