Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705)
Summary: IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2020-25705. DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an attacker could exploit this...
CVE-2022-31773
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357...
CVE-2022-31773
CVE-2022-31773 affects IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1, where a cross-site request forgery (CSRF) in the Web UI could let an attacker perform malicious, unauthorized actions on behalf of a trusted user. The root cause is CSRF in the web application that does not adequately valid...
Security Bulletin: IBM DataPower Gateway Virtual Edition uses out of date ICU libraries in open-vm-tools
Summary: Open-vm-tools is used only in IBM DataPower Gateway Virtual Edition for communicating with the Hypervisor to perform such tasks as reboot or shutdown of the VM. The limited functionality employed in this use should not expose these CVEs to exploitation; IBM has addressed the CVEs out of a...
Security Bulletin: IBM DataPower vulnerable to DoS
Summary: IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2020-4994. DESCRIPTION: IBM DataPower Gateway could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. CVSS Base score: 5.3. CVSS Temporal Score: See:...
CVE-2020-4205
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961...
CVE-2018-2009
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-07362)
IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in the consumer API in IBM API Connect versions...
IBM API Connect Authentication Bypass Vulnerability
IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. An authentication bypass vulnerability exists in LoopBack in IBM API Connect versions 2018.1 through...
Security Bulletin: IBM API Connect is affected by authentication bypass vulnerability in LoopBack (CVE-2018-1778)
Summary: API Connect has addressed the following vulnerability. IBM LoopBack could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, because it is then possible for anyone to create an AccessToken for any User, provided they know the userID and can hen...
Security Bulletin: IBM API Connect is affected by a denial of service vulnerability via large JSON payloads (CVE-2018-1779)
Summary: API Connect has addressed the following vulnerability. The management microservice in API Connect version 2018.1 through 2018.3.7 is vulnerable to denial of service attacks via large JSON payloads. An attacker can flood the management service with unauthenticated API requests with large...