772 matches found
Cross site scripting
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2020-4838
IBM API Connect 5.0.0.0–5.0.8.10 is vulnerable to stored cross-site scripting in the Developer Portal/Web UI, allowing arbitrary JavaScript in a trusted session and potentially exposing credentials. Affected versions: 5.0.0.0–5.0.8.10. Remediation: fix in 5.0.8.10 iFix released 2020-12-18. No exp...
CVE-2020-4838
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2020-4899
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990...
Design/Logic Flaw
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990...
Security Bulletin: IBM API Connect V5 is vulnerable to cross-site scripting in jQuery (CVE-2015-9251)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-craft...
Security Bulletin: IBM API Connect V5 is impacted by vulnerabilities in Java (CVE-2020-14621, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and...
Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via PHP (CVE-2020-7068)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7068 DESCRIPTION: PHP is vulnerable to a denial of service, caused by the use of freed hash key in the phar_parse_zipfile function. By persuading a victim to open a specially crafted file, a...
Security Bulletin: IBM API Connect V5 is vulnerable to sensitive information leak (CVE-2020-4899)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4899 DESCRIPTION: IBM API Connect could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. CVSS Bas...
Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-13664 DESCRIPTION: Drupal core could allow a remote attacker to execute arbitrary code on the system, caused by code injection flaw. By persuading a victim to visit a specially-crafted web...
Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11479 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size MSS. By sending specially-crafted MSS traffic, a remote attacker cou...
Security Bulletin: IBM API Connect's Developer Portal is vulnerable to social engineering attacks (CVE-2020-4337)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4337 DESCRIPTION: IBM API Connect could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. CVSS Base score: 6...
Security Bulletin: API Connect is vulnerable to denial of service (CVE-2020-16845)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-16845 DESCRIPTION: Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted input, a...
Security Bulletin: API Connect is vulnerable to denial of service via Kubernetes (CVE-2020-8557, CVE-2020-8559)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-8557 DESCRIPTION: Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hosts file by the kubelet eviction manager when calculating...
Security Bulletin: IBM API Connect's API Manager is vulnerable to privilege escalation (CVE-2020-4638)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4638 DESCRIPTION: IBM API Connect's API Manager is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link...
Security Bulletin: IBM API Connect V 2018 is impacted by a vulnerability in Go (Golang) (CVE-2020-7919)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score...
Security Bulletin: IBM API Connect V10 is impacted by denial of service vulnerabilities in Crunchy kernel (CVE-2020-8616, CVE-2020-8617)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-8616 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the failure to limit the number of fetches performed when processing referrals. By using specially crafted referral...