31 matches found
CVE-2019-18181
CloudVision Portal, in all releases in the 2018.1 and 2018.2 code trains, allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-46451)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect versions 2018.1 through...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-31124)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect versions 2018.1 through...
CVE-2019-4402
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263...
Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-9634)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9634 DESCRIPTION: Go could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of a dynamic-link library in the LoadLibrary function. By persuading a...
Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities (CVE-2019-11038 CVE-2019-11039 CVE-2019-11040)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11038 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an uninitialized read in the gdImageCreateFromXbm function. By sending a specially-crafted...
CVE-2018-2011
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150...
PT-2019-9998 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 2018.1 through 2018.4.1.5 Description: The issue could disclose sensitive information to an unauthorized user, potentially aiding in further attacks against the system. Recommendations: For versions 2018.1 through...
PT-2019-9991 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 2018.1 through 2018.4.1.5 Description: The issue allows an attacker to obtain sensitive information from a specially crafted HTTP request, which could aid in further attacks against the system. Recommendations: For...
Security Bulletin: IBM API Connect Developer Portal is impacted by a vulnerability in Drupal core (CVE-2019-11831)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11831 DESCRIPTION: The PharStreamWrapper package as used in Typo3 and Drupal could allow a remote attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a...
Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2013 DESCRIPTION: IBM API Connect could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. CVSS Base Score: 5.3 CVSS Temporal Score: S...
Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002101 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system, caused by the improper handling of symlinks. By persuading a victim to use the kubectl cp...
CVE-2018-2015
IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...
CVE-2018-2007
CVE-2018-2007 affects IBM API Connect (2018.1 and 2018.4.1.2) where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The bulletin lists affected versions as IBM API Connect | 5.0.0.0–5.0.8.5, with remediation in VRMF 5.0.8.6 fixpack (L...
IBM API Connect Privilege Escalation Vulnerability (CNVD-2019-09479)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. An elevation of privilege vulnerability exists in Developer Portal in IBM API Connect versions...
Security Bulletin: IBM API Connect Developer Portal is affected by multiple PHP vulnerabilities (CVE-2019-9641 CVE-2019-9637 CVE-2019-9639 CVE-2019-9638)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9638 DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an uninitialized read flaw in the exif_process_IFD_in_MAKERNOTE method. An attacker could...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-12760)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 2018.1 through 2018.4.1.2. An attack...
CVE-2019-4052
CVE-2019-4052 affects IBM API Connect versions 2018.1–2018.4.1.2. The vulnerability allows unauthenticated users to discover login IDs of registered users via API access, constituting an information-disclosure flaw. IBM X-Force/NVD entries confirm an impact on login-id exposure with CVSS v3....