Lucene search
IBM6A89813A18E3DA80E7383B3A41D44CCA24109CEB5E16A79FB26EA05B2560BFCEHistoryAug 25, 2021 - 1:26 p.m.
Security Bulletin: API Connect V5 is potentially vulnerable to code injection (CVE-2021-29772)
2021-08-2513:26:16
www.ibm.com
6
ibm api connect
vulnerability
code injection
cve-2021-29772
security fix
management server
EPSS
0.002
Percentile
61.4%
Summary
IBM API Connect has addressed the following vulnerability.
Vulnerability Details
CVEID:CVE-2021-29772
**DESCRIPTION:**IBM API Connect could allow a user to potentially inject code due to unsanitized user input.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202774 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| API Connect | IBM API Connect V5.0.0.0-5.0.8.11 |
Remediation/Fixes
| Affected Product | Addressed in VRMF | APAR | Remediation/First Fix |
|---|
IBM API Connect
V5.0.0.0-V5.0.8.11
| 5.0.8.12|
LI82077
|
Addressed in IBM API Connect V5.0.8.12
Management server is impacted.
Follow this link and find the appropriate “Management” package.
http://www.ibm.com/support/fixcentral/swg/quickorder
Workarounds and Mitigations
None
Related
cnvd
cnvd
IBM API Connect Code Injection Vulnerability
2021-08-27 00:00:00
cve
cve
CVE-2021-29772
2021-08-26 20:15:07
prion
prion
Code injection
2021-08-26 20:15:00
cvelist
cvelist
CVE-2021-29772
2021-08-26 19:25:25
nvd
nvd
CVE-2021-29772
2021-08-26 20:15:07
EPSS
0.002
Percentile
61.4%
Related for 6A89813A18E3DA80E7383B3A41D44CCA24109CEB5E16A79FB26EA05B2560BFCE