
Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7060, CVE-2020-7059)

Published: 2020-05-20 15:25:37
Source: www.ibm.com

Summary

IBM API Connect has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2020-7060
**DESCRIPTION:** PHP is vulnerable to a buffer overflow, caused by improper bounds checking by the mbfl_filt_conv_big5_wchar function. By sending specially crafted data, a remote attacker could overflow a buffer and obtain sensitive information or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/175204 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-7059
**DESCRIPTION:** PHP is vulnerable to denial of service, caused by an out-of-bounds read in php_strip_tags_ex. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/175030 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM API Connect | V2018.4.1.0-2018.4.1.10 |
| IBM API Connect | V5.0.0.0-5.0.8.7 |

Remediation/Fixes

| Affected Product | Addressed in VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM API Connect V5.0.0.0-5.0.8.7 | 5.0.8.8 | LI81501 | Addressed in IBM API Connect V5.0.8.8. Developer Portal is impacted. Follow this link and find the "Portal" package: http://www.ibm.com/support/fixcentral/swg/quickorder |
| IBM API Connect V2018.4.1.0-2018.4.1.10 | 2018.4.1.11 | LI81501 | Addressed in IBM API Connect V2018.4.1.11. Developer Portal is impacted. Follow this link and find the "Portal" package: http://www.ibm.com/support/fixcentral/swg/quickorder |
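The affected ranges and fix levels above are easy to misjudge when versions are compared as strings: "2018.4.1.10" sorts before "2018.4.1.9" lexicographically, and "5.0.8.10" sorts before "5.0.8.7". The following script is an added example, not IBM's tooling, that encodes the two affected ranges and the fix levels from this bulletin and decides whether a given installed API Connect version needs the Portal fix. The function names, the `AFFECTED_RANGES` table layout and the sample versions checked in `main()` are this example's own choices.

```python
"""Check an installed IBM API Connect version against the ranges in this bulletin.

Added example; not part of the IBM bulletin. Versions are compared as tuples
of integers so that "2018.4.1.10" is correctly treated as newer than
"2018.4.1.9" (a plain string comparison gets this wrong).
"""
import re

# (first affected, last affected, first fixed) per stream, taken from the
# bulletin's "Affected Products" and "Remediation/Fixes" tables.
AFFECTED_RANGES = (
    ("2018.4.1.0", "2018.4.1.10", "2018.4.1.11"),
    ("5.0.0.0", "5.0.8.7", "5.0.8.8"),
)

# Number of components every version is padded to, so "2018.4.1" == "2018.4.1.0".
VERSION_PARTS = 4


def parse_version(text):
    """Turn 'V2018.4.1.10' or '5.0.8.7' into a zero-padded tuple of ints."""
    v = text.strip()
    if v[:1].upper() == "V":  # the bulletin writes versions with a leading V
        v = v[1:]
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in v.split(".")]
    parts += [0] * (VERSION_PARTS - len(parts))
    return tuple(parts)


def check_version(installed):
    """Return (affected, first_fixed_version) for an installed version.

    first_fixed_version is None when the version is outside every affected range.
    """
    inst = parse_version(installed)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= inst <= parse_version(last):
            return True, fixed
    return False, None


def main():
    # Constructed sample inventory; not real hosts.
    inventory = {
        "portal-prod-01": "V2018.4.1.10",
        "portal-prod-02": "2018.4.1.11",
        "portal-legacy":  "5.0.8.7",
        "portal-dev":     "5.0.8.10",
    }
    for host, version in inventory.items():
        affected, fixed = check_version(version)
        if affected:
            print(f"{host}: {version} is affected; apply the Portal package for {fixed}")
        else:
            print(f"{host}: {version} is outside the affected ranges")


if __name__ == "__main__":
    main()
```

Only the Developer Portal component is called out as impacted, so the version you feed in should be the Portal's, and the check says nothing about the underlying PHP build the Portal ships; the fix level is what the bulletin ties the remediation to.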

Workarounds and Mitigations

None