IBM App Connect Enterprise Certified Container


By the Year

In 2026 there has been 1 vulnerability in IBM App Connect Enterprise Certified Container, with an average score of 5.1 out of ten. Last year, in 2025, App Connect Enterprise Certified Container had 4 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 1.45.




Year    Vulnerabilities    Average Score
2026    1                  5.10
2025    4                  6.55
2024    2                  8.45
2023    2                  6.30
2022    2                  5.70
2021    1                  2.30
2020    1                  5.40

It may take a day or so for new App Connect Enterprise Certified Container vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM App Connect Enterprise Certified Container Security Vulnerabilities

IBM App Connect CE Container Untrusted Search Path Enables Sens Access (12.19)
CVE-2025-13491 5.1 - Medium - February 05, 2026

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.

Untrusted Path

IBM ACE Certified Container Uses Weak Crypto, Local Decrypt Vulnerability
CVE-2025-1993 5.1 - Medium - May 09, 2025

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

Weak Password Requirements

IBM App Connect Certified Container 7.2-12.8 DoS via Server Input Validation
CVE-2024-52362 6.5 - Medium - March 12, 2025

IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.

Improper Validation of Syntactic Correctness of Input

IBM App Connect Cert. Container 7.1-12.7: Pods Network Egress Not Restricted
CVE-2022-43916 9.1 - Critical - January 30, 2025

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure.

Improper Restriction of Communication Channel to Intended Endpoints

IBM App Connect Enterprise Certified Container v7.1-12.4 Unrestricted Local FS Write in OpenShift P
CVE-2022-22491 5.5 - Medium - January 09, 2025

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted.

Allocation of Resources Without Limits or Throttling

IBM App Connect Enterprise Certified Container: Remote Command Execution Vulnerability
CVE-2024-51465 8.8 - High - December 04, 2024

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Shell injection

PrivEsc via unshare in IBM App Connect Enterprise Certified Container 5.0-12.1
CVE-2022-43915 8.1 - High - August 24, 2024

IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with privileged access to execute commands in a running Pod to elevate their user privileges.

Incorrect Permission Assignment for Critical Resource

IBM App Connect Enterprise Cert Container XSS in Web UI (v4.1-7.0)
CVE-2022-43874 6.1 - Medium - March 15, 2023

IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.

XSS

IBM App Connect Enterprise Cert Container Weak API Key Hash Disclosure
CVE-2022-43922 6.5 - Medium - February 01, 2023

IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.

Inadequate Encryption Strength

IBM App Connect Enterprise Certified Container 4.2 could
CVE-2022-31770 4.9 - Medium - July 05, 2022

IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5
CVE-2022-22404 6.5 - Medium - April 01, 2022

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate limiting.

Allocation of Resources Without Limits or Throttling

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could
CVE-2021-29759 2.3 - Low - July 07, 2021

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.

Insertion of Sensitive Information into Log File

IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could
CVE-2020-4785 5.4 - Medium - November 03, 2020

IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.

Clickjacking
