Zurück zur Liste

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka are vulnerable to loss of confidentiality (CVE-2025-27817, CVE-2025-27818) — CVE-2025-27818

IBM · CVE-2025-27818

ID
CVE-2025-27818

Datum
2026-06-04

Activity
2026-06-04

Quelle
IBM

Risiko
high

Zusammenfassung

CVE-2025-27818 is a Hinweis from IBM. Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka are vulnerable to loss of confidentiality (CVE-2025-27817, CVE-2025-27818) Severity/Threat: high.

Produkt

IBM App Connect Enterprise

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Mehr dazu

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU

2026-06-16 CVE-2026-34268

highIBM 2026-W25

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2026 - Includes OpenJDK April 2026 CPU plus CVE-2026-6918

2026-06-16 CVE-2026-34282

highIBM 2026-W25

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module file-type ( CVE-2026-31808 )

2026-06-16 CVE-2026-31808

mediumIBM 2026-W25

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module path-to-regexp

2026-06-16 CVE-2026-4867

highIBM 2026-W25

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs (CVE-2026-6322, CVE-2026-45740 & CVE-2026-6321)

2026-06-16 CVE-2026-6322

highIBM 2026-W25

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by insufficient verification of data authenticity in PyJWT

2026-06-16 CVE-2026-32597

highIBM 2026-W25