Security Bulletin: IBM API Connect V5 is vulnerable to sensitive information leak (PHP CVE-2020-7067)

Summary IBM API Connect had addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7067 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the urldecode function. By persuading a victim to open a...

CVE-2020-4251

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489...

CVE-2020-4251

IBM API Connect versions 5.0.0.0–5.0.8.8 are vulnerable to cross-site scripting in the Web UI, allowing an attacker to inject arbitrary JavaScript that could lead to credentials disclosure in a trusted session. The root cause is XSS in the Web UI. Remediation: the vulnerability was addressed in I...

IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2020-33089)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.8...