Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities(CVE-2019-11038 CVE-2019-11039 CVE-2019-11040)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11038 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an uninitialized read in the gdImageCreateFromXbm function. By sending a specially-crafted...

CVE-2018-2011

IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150...

CVE-2018-2011

IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150...

PT-2019-9998 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 2018.1 through 2018.4.1.5 Description: The issue could disclose sensitive information to an unauthorized user, potentially aiding in further attacks against the system. Recommendations: For versions 2018.1 through...

PT-2019-9991 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 2018.1 through 2018.4.1.5 Description: The issue allows an attacker to obtain sensitive information from a specially crafted HTTP request, which could aid in further attacks against the system. Recommendations: For...

Security Bulletin: IBM API Connect Developer Portal is impacted by a vulnerability in Drupal core (CVE-2019-11831)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11831 DESCRIPTION: The PharStreamWrapper package as used in Typo3 and Drupal could allow a remote attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a...

Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2013 DESCRIPTION: IBM API Connect could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. CVSS Base Score: 5.3 CVSS Temporal Score: S...

Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9946 DESCRIPTION: Kubernetes could provide weaker than expected security, caused by an interaction when paired with the embedded CNI Container Networking Interface that uses the portmap plugin...

Security Bulletin: IBM API Connect is affected by a clickjacking vulnerability (CVE-2018-2015)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2015 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could explo...