Servers with IBM App Connect Enterprise can crash after attack
IBM's integration software App Connect Enterprise is vulnerable to attack via a security gap. A security patch is available for download.
(Image: Artur Szczybylo/Shutterstock.com)
Because a component in IBM App Connect Enterprise is vulnerable, attackers can attack servers.
Security update available
Videos by heise
IBM's integration software controls the flow of information between different applications. In a post, the developers explain that the vulnerability (CVE-2024-37890 "high") affects the Node.jsws module. At this point, sending a request with multiple HTTP headers can cause a server crash (DoS).
The developers state that the vulnerability has been closed in App Connect Enterprise c12- Fix Pack Release 12.0.12.4. The developers' article does not mention any current attacks. Nevertheless, admins should update the software to the latest version as soon as possible.
(des)
