772 matches found
CVE-2021-29715
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018...
Code injection
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774...
Design/Logic Flaw
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018...
CVE-2021-29772
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774...
CVE-2021-29772
IBM API Connect CVE-2021-29772 affects 5.0.0.0–5.0.8.11 and is due to unsanitized user input allowing code injection. The IBM advisory lists a fix in 5.0.8.12 (remediation). Affected component/stack is API Connect; network-exposed attack vector with low attacker complexity in some sources. No exp...
CVE-2021-29715
IBM API Connect 5.0.0.0–5.0.8.11 is affected by CVE-2021-29715, a remote-information-disclosure and denial-of-service issue caused by open ports. A remote attacker could obtain sensitive information or disrupt service. IBM’s bulletin confirms remediation by upgrading to V5.0.8.12 (and provides th...
CVE-2021-29715
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal (201714)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 201714 DESCRIPTION: Gutenberg module for Drupal could allow a remote attacker to bypass security restrictions, caused by improper validation of access rules in certain situations. By sendin...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-14845 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a hi...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal CKEditor (CVE-2021-26271, CVE-2021-26272)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-26271 DESCRIPTION: CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the Advanced Tab for Dialogs plugin. By persuading a victim t...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2020-27193)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-27193 DESCRIPTION: CKSource CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Color Button dialog. A remote attacker could exploit thi...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2021-33829)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-33829 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Drupal dated modernizr library
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sendi...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2020-24553)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-24553 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the CGI/FCGI handlers. A remote attacker could exploit this...
Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-23017 DESCRIPTION: NGINX could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error in ngx_resolver_copy while processing DNS responses. By sending a...
Security Bulletin: API Connect V5 is potentially vulnerable to code injection (CVE-2021-29772)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-29772 DESCRIPTION: IBM API Connect could allow a user to potentially inject code due to unsanitized user input. CVSS Base score: 5.6 CVSS Temporal Score: See:...
Security Bulletin: IBM API Connect is impacted by vulnerability CVE-2021-29715.
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-29715 DESCRIPTION: IBM API Connect could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. CVSS Base score: 6.5 CVSS Temporal Score:...
IBM API Connect Security Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure and denial of service vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability originates from an open port. A remote user can exploit the vulnerability to obtain sensitiv...
IBM API Connect Code Injection Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A code injection vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability stems from unvalidated user input. An attacker could exploit the vulnerability to inject code...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-31525)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-31525 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or ReadResponse. Server, Transport, and...