Security Bulletin: IBM API Connect is impacted by reflected cross site scripting (CVE-2020-4707)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4707 DESCRIPTION: IBM API Connect is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali...
Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHel...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-2014 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: PAM Auth Plugin component could allow an authenticated attacker to cause a denial of service...
Security Bulletin: IBM API Connect is vulnerable to cookie forgery via PHP (CVE-2020-7070)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7070 DESCRIPTION: PHP could allow a remote attacker to bypass security restrictions, caused by the lack of validation/integrity check security for HTTP cookie. By using a specially-crafted HTT...
Security Bulletin: IBM API Connect is impacted by a directory traversal vulnerability in Drupal core SA-CORE-2021-001 (CVE-2020-36193)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-36193 DESCRIPTION: ArchiveTar could allow a remote attacker to traverse directories on the system, caused by inadequate checking of symbolic links. An attacker could send a specially-crafted U...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Node.js and OpenSSL (CVE-2020-1971, CVE-2020-8265, CVE-2020-8287)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an attacker could exploit this...
Security Bulletin: IBM API Connect V5 is impacted by a denial of service (DoS) vulnerability in NTP (CVE-2020-15025)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-15025 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a memory leak when a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file in ntpd. By sending...
Security Bulletin: IBM API Connect V5 is impacted by a denial of service (DoS) vulnerability in NTP (CVE-2020-11868)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet with a spoofed source IP address, a remote attacker could exploit this...
Unspecified Vulnerability in IBM API Connect
IBM API Connect (APIConnect) is IBM's suite of integrated solutions for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect suffers from a security vulnerability that allows an attacker to be able to use ...
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider...
Information disclosure
IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider...
CVE-2021-20440
Summary of CVE-2021-20440 (IBM API Connect): The vulnerability allows an attacker who is a valid user in the API Manager’s user registry to use a stolen invitation link to register as a member of an API provider organization, due to insufficient restriction of recipient scope. Affected products/...
Security Bulletin: IBM API Connect's API Manager is vulnerable to invitation and registration link tampering (CVE-2021-20440)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-20440 DESCRIPTION: IBM API Manager does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen...
Security Bulletin: IBM API Connect is impacted by a denial of service (DoS) vulnerability in OpenSSL (CVE-2020-1971)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an attacker could exploit this...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Docker (CVE-2021-21285, CVE-2021-21284)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-21285 DESCRIPTION: Docker is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to pull a specially-crafted Docker image, a remote attacker could...
IBM API Connect Information Disclosure Vulnerability (CNVD-2021-17207)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure vulnerability exists in IBM API Connect 10.0.1.0. The vulnerability stems from insecure communication during database replication. An attacker could exploit the vulnerability to view unencrypted data...
IBM API Connect Information Disclosure Vulnerability (CNVD-2021-17208)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure vulnerability exists in IBM API Connect 10.0.1.1, 2018.4.1.0-2018.4.1.13. An attacker who intercepts a registration invitation link can use this vulnerability to impersonate a registered user or obtain...
CVE-2020-4695
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality...