772 matches found
Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-33194).
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-33194 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal (CVE-2021-33829)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-33829 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious...
Security Bulletin: IBM API Connect is impacted by a cross site scripting vulnerability in Drupal core SA-CORE-2021-002
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 200544 DESCRIPTION: Drupal core is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the sanitization API. A remote authenticated attacker could...
IBM API Connect HOST Injection Vulnerability
IBM API Connect is an integration solution from IBM for managing the lifecycle of APIs. The product supports creating, running, managing and securing APIs and microservices, etc. An injection vulnerability exists in IBM API Connect HOST, which stems from the product's host header not...
CVE-2020-4706
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to...
CVE-2020-4706
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to...
Cross site scripting
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to...
CVE-2020-4706
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to...
CVE-2020-4706
IBM API Connect (5.0.0.0–5.0.8.10) is affected by CVE-2020-4706, an HTTP Host header injection vulnerability caused by insufficient validation of input in the HOST header. A remote attacker could craft a request to inject the HOST header, enabling cross-site scripting, cache poisoning, or session...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-27919)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-27919 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when using a ZIP archive containing files that start with “../”. By persuading a victim to...
Security Bulletin: IBM API Connect on cloud is impacted by HTTP header injection vulnerability (CVE-2020-4706)
Summary IBM API Connect on cloud V5 has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4706 DESCRIPTION: IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a...
IBM API Connect Cross-Site Scripting Vulnerability
IBM API Connect is an integration solution from IBM for managing the lifecycle of APIs. The product supports creating, running, managing and securing APIs and microservices, etc. An injection vulnerability exists in IBM API Connect HOST, which stems from the product's host header not...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in node.js and OpenSSL (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability...
Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities
Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by an endless loop in the php-fpm main process. A remote attacker could exploit this vulnerability to exhaust CPU and disk space resources. Nginx is vulnerable to...
IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2021-88200)
IBM API Connect is an integrated solution for managing the API lifecycle from IBM USA. The product supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect. The vulnerability stems from the lack of proper...
CVE-2020-4707
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370...
CVE-2020-4707
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370...
Cross site scripting
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370...
CVE-2020-4707
The CVE-2020-4707 issue affects IBM API Connect Web UI in versions 5.0.0.0 through 5.0.8.11, where lack of proper validation allows stored or reflected cross-site scripting that can cause arbitrary JavaScript execution, potentially leading to credential disclosure within a trusted session. The vu...
CVE-2020-4707
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370...