History: Jun 15, 2018 - 7:07 a.m.

Security Bulletin: API security restrictions can be bypassed in IBM API Connect (CVE-2017-1328)

2018-06-15 07:07:35
www.ibm.com

EPSS: 0.002 (Low), Percentile: 59.1%

Summary

APIs managed by API Connect which are protected by security restrictions could be accessed without providing valid security credentials.

Vulnerability Details

CVEID: CVE-2017-1328
DESCRIPTION: IBM API Connect could allow a remote attacker to bypass security restrictions of the API, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126230 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM API Connect V5.0.0.0 - V5.0.6.2

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM API Connect | 5.0.0.0 - 5.0.6.2 | LI79309 | Apply V5.0.6.2_iFix1

Workarounds and Mitigations

None
