Lucene search

K
ibmIBME58CF8213E8AE04F23F33FD4E7F9009B5B82E8BEDEB6D0BBD6AB0B6C878B314B
HistoryAug 16, 2021 - 11:03 p.m.

Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-27919)

2021-08-1623:03:41
www.ibm.com
13
ibm api connect
vulnerability
golang
cve-2021-27919
denial of service
zip archive
cvss
update
security fix

EPSS

0.001

Percentile

29.8%

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID:CVE-2021-27919
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with โ€œโ€ฆ/โ€. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198076 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

API Connect V10.0.0.0 - V10.0.1.2
API Connect
V10.0.1-10.0.2

API Connect| V2018.4.1.0-2018.4.1.16

Remediation/Fixes

Affected Product Addressed in VRMF APAR Remediation/First Fix

IBM API Connect

V2018.4.1.0-2018.4.1.16

| 2018.4.1.17| LI82279 |

Addressed in IBM API Connect V2018.4.1.17.

Follow this link and find the appropriate package.

http://www.ibm.com/support/fixcentral/swg/quickorder

IBM API Connect

V10.0.0.0-V10.0.1.1

| 10.0.1.2|

LI82279

|

Addressed in IBM API Connect V10.0.1.4.

Follow this link and find the appropriate package.

http://www.ibm.com/support/fixcentral/swg/quickorder

IBM API Connect

V10.0.1-10.0.2

| 10.0.3
|

LI82279

|

Addressed in IBM API Connect 10.0.3.

Follow this link and find the appropriate package.

http://www.ibm.com/support/fixcentral/swg/quickorder

Workarounds and Mitigations

None

EPSS

0.001

Percentile

29.8%