772 matches found
Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-13663)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13663 DESCRIPTION: Drupal core is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the Form API. By persuading an authenticated user to visit a...
Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL.
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-2763 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resultin...
IBM API Connect elevation of privilege vulnerability (CNVD-2020-50792)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An elevation of privilege vulnerability exists in API Manager for IBM API Connect 2018.4.1.0 through 2018.4.1.12, which can be exploited by an invitee of an API provider organization to elevate privileges by manipulating the...
CVE-2020-4337
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933...
CVE-2020-4638
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508...
Privilege escalation
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508...
Code injection
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933...
CVE-2020-4638
CVE-2020-4638 affects IBM API Connect’s API Manager (versions 2018.4.1.0–2018.4.1.12). A privilege-escalation flaw allows an invitee to an API Provider organization to gain higher privileges by manipulating the invitation link. The IBM bulletin notes remediation: address in IBM API Connect V2018....
CVE-2020-4337
CVE-2020-4337 affects IBM API Connect 2018.4.1.0–2018.4.1.12, where an attacker could trigger the server to send user registration emails containing malicious URLs, enabling phishing. The IBM advisory (Vulnerability Details) confirms the affected product versions and impact, with a CVSS v3 base s...
Security Bulletin: IBM API Connect is impacted by a denial of service vulnerability in MySQL (CVE-2020-2752)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-2752 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Client C API component could allow an authenticated attacker to cause a denial of service resulting in a high...
Security Bulletin: IBM API Connect is impacted by a cross-site scripting vulnerability in jQuery (XForce ID 180875)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 for the current score. CVSS Vector...
Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (PHP CVE-2019-11048)
Summary IBM API Connect had addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11048 DESCRIPTION: PHP is vulnerable to a denial of service, caused by a flaw in the php-src/main/rfc1867.c. By uploading a specially crafted file, a remote attacker could exploit this...
Security Bulletin: IBM API Connect is vulnerable to a denial of service vulnerability in Oracle MySQL (CVE-2020-2589)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-2589 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high...
MustGather: Security Vulnerability issues for API Connect & DataPower Gateways
Problem This document describes the MustGather process for opening a security vulnerability case with IBM Support. How to report a security vulnerability with IBM Support: Before you report a security vulnerability issue with IBM Support, please take the following steps: 1. Test the vulnerability...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Java (CVE-2020-2654)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Java.
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-2830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low...