Code injection
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...
CVE-2023-28522
CVE-2023-28522 affects IBM API Connect V10 and is an improper access control vulnerability that could allow an authenticated user to perform actions they should not have access to. The IBM Security Bulletin (and related entries) confirm the issue in API Connect V10.x and provide remediation paths...
CVE-2023-28522 IBM API Connect improper access control
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...
IBM API Connect Security Vulnerability
IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from International Business Machines (IBM). The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version V10 that...
Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)
Summary: IBM API Connect has addressed the following improper access control vulnerability: CVE-2023-28522. Vulnerability Details: CVEID: CVE-2023-28522. DESCRIPTION: IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. CVSS Base score: 4.3. CVSS...
Unspecified Vulnerability in IBM API Connect (CNVD-2023-09609)
IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from International Business Machines (IBM). The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect that stems from...
CVE-2022-34350
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
Input validation
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
CVE-2022-34350
CVE-2022-34350 – IBM API Connect is affected by an External Service Interaction vulnerability caused by improper validation of user-supplied input. Affected versions: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.20. The issue can induce the application to perform server-side DNS ...
CVE-2022-34350 IBM API Connect security bypass
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
IBM API Connect Input Validation Error Vulnerability
IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from International Business Machines (IBM). The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect that stems from...
Security Bulletin: IBM API Connect is impacted by an external service interaction vulnerability (CVE-2022-34350)
Summary: IBM API Connect has addressed the following external service interaction vulnerability: CVE-2022-34350. Vulnerability Details: CVEID: CVE-2022-34350. DESCRIPTION: IBM API Connect is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remo...
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling (CVE-2022-35256)
Summary: This issue may affect the management interface for the API Connect Gateway Service. IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2022-35256. DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not...
CVE-2021-38997
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
Cross site scripting
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786)
Summary: IBM API Connect has addressed the following vulnerability in OpenSSL: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details: CVEID: CVE-2022-3602. DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By...
CVE-2021-38997
IBM API Connect is affected by CVE-2021-38997 through multiple version ranges: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.19. The root cause is improper validation of input in the HOST header, leading to HTTP header injection. Reported impacts include cross-site scripting, cach...