IBM API Management is affected by a vulnerability in GNU glibc. This vulnerability is now fixed.
CVEID: CVE-2015-7547
DESCRIPTION: GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM API Management V4.0
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM API Management | 4.0.0 | LI78976 | http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=4.0.4.1&platform=All&function=fixId&fixids=4.0.4.1-APIManagement-ManagementAppliance-20160302-1342_PUB_IFIX_1.vcrypt2%3A67094276418854,4.0.4.1-APIManagement-ManagementAppliance-20160302-1342_PUB_IFIX_1.ova%3A67094276418854,4.0.4.1-APIManagement-AdvancedPortal-20160302-2359_PUB_IFIX_1.sh%3A67094276418854,4.0.4.1-APIManagement-AdvancedPortal-20160302-2359_PUB_IFIX_1.ova%3A67094276418854&includeSupersedes=0 |
None