Attackers can use several vulnerabilities in IBM App Connect Enterprise Container and MQ to attack systems. So far, there have been no reports of attacks. However, admins should not hesitate too long and install the security updates promptly to protect their instances from possible attacks.
DoS attacks conceivable
IBM’s Connect Enterprise Container integration software offering for merging business information from different applications can be attacked via several DoS vulnerabilities (CVE-2025-47935 “high”, CVE-2025-47944 “high”, CVE-2025-48997 “high”). The vulnerabilities affect the Node.js middleware Multer. Attackers can target it with crafted multipart upload requests, among other things. Processing the requests leads to a crash.
Attackers can also exploit another vulnerability (CVE-2025-48387 “high”) to gain write access in a specific context. The developers state in a security message that the following versions of IBM App Connect Enterprise Container are secured against this:
Further threats
IBM’s middleware software MQ is vulnerable to attack via several vulnerabilities classified as “medium” threat level. For example, attackers can carry out DoS attacks in unspecified ways(CVE-2025-3631, CVE-2025-3631) or bypass authentication due to errors in the verification of certificates (CVE-2025-33181). Versions 9.3.0.30, 9.4.0.12 and 9.4.3 are equipped against the attacks described.
(des)
Don’t miss any news – follow us on
Facebook,
LinkedIn or
Mastodon.
This article was originally published in
German.
It was translated with technical assistance and editorially reviewed before publication.
Dieser Link ist leider nicht mehr gültig.
Links zu verschenkten Artikeln werden ungültig,
wenn diese älter als 7 Tage sind oder zu oft aufgerufen wurden.
Sie benötigen ein heise+ Paket, um diesen Artikel zu lesen. Jetzt eine Woche unverbindlich testen – ohne Verpflichtung!
