Security Bulletin: Potential disclosure of information in IBM DataPower Gateway (CVE-2018-14348)

Summary IBM DataPower Gateway has addressed CVE 2018-14348 Vulnerability Details CVEID: CVE-2018-14348 DESCRIPTION: libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. CVSS Base score: 5.3 CVSS Temporal...

CVE-2020-4203

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956...

IBM DataPower Gateway Security Bypass Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...

Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes (CVE-2019-11251)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11251 DESCRIPTION: Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in kubectl cp that allows a combination of two symlinks to copy a file...

Security Bulletin: API Connect is impacted by a vulnerability in PHP (CVE-2019-11043)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11043 DESCRIPTION: In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocat...

Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes(CVE-2019-11253)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11253 DESCRIPTION: Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send...

Security Bulletin: API Connect is impacted by credential caching

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4444 DESCRIPTION: IBM API Connect Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials...

Security Bulletin: IBM API Connect is impacted by a vulnerability in libexpat (CVE-2019-15903)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber...