Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-9634)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9634 DESCRIPTION: Go could allow a remote attacker to execute arbitrary code on the system, caused by a improper loading of Dynamic-link library in the LoadLibrary function. By persuading a...

Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002101 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system, caused by the improper handling of symlinks. By persuading a victim to use the kubectl cp...

CVE-2018-2015

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVE-2018-2015

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

Security Bulletin: API Connect V2018 is impacted by sensitive information disclosure (CVE-2019-4051)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4051 DESCRIPTION: Some URIs in API Connect disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses...