Summary Node.js module @apidevtools/json-schema-ref-parser is used by IBM App Connect Enterprise Certified Container for processing JSON schemas defining the App Connect Enterprise administration API. IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module @apidevtools/json-schema-ref-parser. [CVE-2024-29651] Vulnerability Details ** CVEID: CVE-2024-29651 DESCRIPTION: **API Dev Tools json-schema-ref-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the bundle(), parse(), resolve() and dereference() functions. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. CVSS Base score: 9.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/291139 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected Products and Versions Affected Product(s)| Version(s) —|— App Connect Enterprise Certified Container| 5.0-lts App Connect Enterprise Certified Container| 10.1 App Connect Enterprise Certified Container| 11.0 App Connect Enterprise Certified Container| 11.1 App Connect Enterprise Certified Container| 11.2 App Connect…Read More