Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the 5.0.8.2 iFix for IBM API Connect in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions IBM API Management 4.0.0.0-4.0.4.6 IBM API Connect...

Security Bulletin: API Connect is affected by a vulnerability by which an authenticated user could generate an API token

Summary API Connect has addressed the following vulnerability. An authenticated user could be allowed to generate an API token when not subscribed to the application plan. Vulnerability Details CVEID: CVE-2017-1555 DESCRIPTION: IBM API Connect could allow an authenticated user to generate an API...

CVE-2017-1556

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...

CVE-2017-1556

CVE-2017-1556 affects IBM API Connect versions 5.0.7.0–5.0.7.2. The vulnerability is a regular expression attack that could allow an authenticated attacker to provide inputs via regex to slow down or hang the system. IBM’s security bulletin notes the affected product and versions, with a fixed re...