IBM App Connect Enterprise Certified Container Untrusted Search Path Vulnerability Allowing Access to Sensitive Files and Configuration Modifications

Vulnerability

A vulnerability exists in IBM App Connect Enterprise Certified Container versions up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support). The issue arises from an untrusted search path, which could enable an attacker to access sensitive files or alter configurations. This vulnerability is linked to insufficient write protection for files within the mapping assistance image, potentially leading to a loss of confidentiality.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive files or unauthorized modifications to configurations.

Remediation

Users are advised to upgrade to IBM App Connect Enterprise Certified Container Operator version 12.20.0 or higher for the Continuous Delivery release, and version 12.0.20 or higher for the Long Term Support release. Additionally, ensure that all DesignerAuthoring components are updated to version 13.0.6.1-r1 or higher for Continuous Delivery, and version 12.0.12-r20 or higher for Long Term Support. Documentation on the upgrade process is available on the IBM App Connect documentation site.

Added: Feb 5, 2026, 2:23 PM
Updated: Feb 5, 2026, 3:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 5.0
exploitability: 3.4
remediation: 8.3
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.