772 matches found
CVE-2021-38997 IBM API Connect HOST header injection
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
CVE-2021-38997
IBM API Connect is affected by CVE-2021-38997 through multiple version ranges: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.19. The root cause is improper validation of input in the HOST header, leading to HTTP header injection. Reported impacts include cross-site scripting, cach...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)
Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID: CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...
PT-2022-10836 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.19 Description: The issue is caused by improper validation of input by the HOST headers...
Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)
Summary A vulnerable version of JQuery-UI was used by API Connect. The fix includes updated JQuery-UI which addresses CVE-2021-41184, CVE-2021-41183, and CVE-2021-41182. Vulnerability Details CVEID: CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...
Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
Summary A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details CVEID: CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...
PT-2022-6311 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.20 Description: The issue is caused by improper validation of user-supplied input,...
Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM API Connect V10 is vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it meets all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4. Spring-webmvc or...
Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)
Summary Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1 which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial ...
Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in Java SE (CVE-2020-14782)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact,...
Security Bulletin: Vulnerability in Apache Log4j affects IBM API Connect (APIC) (CVE-2021-44228)
Summary IBM API Connect APIC has addressed the Apache Log4j vulnerability CVE-2021-44228 by updating to Apache Log4j v2.15.0 and removing the vulnerable JndiLookup class in the affected analytics and management V5 only server components. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION:...
Security Bulletin: IBM API Connect is impacted by a vulnerabilities in Node.js (CVE-2021-22884, CVE-2021-22883)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-22884 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error when the allowlist includes "localhost6". By controlling the victim's DNS server or spoofing its responses, ...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal core (CVE-2021-32610)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-32610 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary code on the system, caused by the use of the third-party PEAR ArchiveTar library. By persuading a victim to...
Security Bulletin: IBM API Connect is impacted by a vulnerability in PostgreSQL (CVE-2021-32029)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-32029 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by an error when using an UPDATE…RETURNING command on a purpose-crafted table...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Type response...
IBM API Connect Information Disclosure and Denial of Service Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure and denial of service vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability originates from an open port. A remote user can exploit the vulnerability to obtain sensitiv...
IBM API Connect Code Injection Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A code injection vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability stems from unvalidated user input. An attacker could exploit the vulnerability to inject code...
CVE-2021-29715
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018...
CVE-2021-29772
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774...