Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown.
Summary: IBM has released the 5.0.8.2 iFix for IBM API Connect in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details: CVEID: CVE-2017-5753; CVEID: CVE-2017-5715; CVEID: CVE-2017-5754. Affected Products and Versions: IBM API Management 4.0.0.0-4.0.4.6, IBM API Connect...
Security Bulletin: API Connect is affected by a Node.js denial of service vulnerability (CVE-2017-14919)
Summary: IBM API Connect has addressed the following vulnerability. Node.js is vulnerable to a denial of service, caused by an uncaught exception flaw in the zlib module. By making 8 an invalid value for the windowBits parameter, a remote attacker could exploit this vulnerability to cause the...
Security Bulletin: API Connect Developer Portal is affected by cross-site scripting vulnerability (CVE-2018-1430)
Summary: API Connect Developer Portal has addressed the following vulnerability. IBM API Connect Developer Portal is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leadin...
Security Bulletin: API Connect is affected by a vulnerability by which an authenticated user could generate an API token
Summary: API Connect has addressed the following vulnerability. An authenticated user could be allowed to generate an API token when not subscribed to the application plan. Vulnerability Details: CVEID: CVE-2017-1555. DESCRIPTION: IBM API Connect could allow an authenticated user to generate an API...
Code injection
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...
CVE-2017-1551
Summary: CVE-2017-1551 affects IBM API Connect 5.0.0.0–5.0.6.3 and 5.0.7.0–5.0.7.2. A remote attacker could entice a victim to visit a malicious site to hijack the victim’s click actions (Cross Frame Scripting). Impact (as stated): potential to hijack click-to-action with possible further attacks...
CVE-2017-1556
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
CVE-2017-1556
CVE-2017-1556 affects IBM API Connect versions 5.0.7.0–5.0.7.2. The vulnerability is a regular expression attack that could allow an authenticated attacker to provide inputs via regex to slow down or hang the system. IBM’s security bulletin notes the affected product and versions, with a fixed re...