Summary Bouncycastle bcprov is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilities in Bouncycastle bcprov. [CVE-2025-8885], [CVE-2025-8916] Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bounc…… https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bounc… , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bounc…… https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bounc… . This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7. CWE:CWE-770: Allocation of Resources Without Limits or Throttling CVSS Source: NVD CVSS Base score: 6.3 CVSS Vector:(CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:U/V:X/RE:M/U:Amber) CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or…Read More