Security Bulletin: IBM API Connect V5 is vulnerable to sensitive information leak (PHP CVE-2020-7067)

Summary IBM API Connect had addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7067 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the urldecode function. By persuading a victim to open a...

Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7066, CVE-2020-7065, CVE-2020-7064)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7066 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an issue when the getheaders silently truncates anything after a null byte in the URL it uses. ...

CVE-2020-4452

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324...

CVE-2020-4452

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324...

Code injection

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324...

CVE-2020-4452

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324...

IBM API Connect Information Disclosure Vulnerability (CNVD-2020-36386)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 2018.4.1.0 through 2018.4.1.11, whic...

Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this...

Security Bulletin: IBM API Connect is vulnerable to cross-site scripting (XSS) in Drupal (sa-contrib-2020-025)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 183715 DESCRIPTION: Internationalization module for Drupal cross-site scripting CVSS Base score: 5.4 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183715 fo...

Security Bulletin: IBM API Connect V 2018 (ova) is impacted by weak cryptographic algorithms (CVE-2020-4452)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4452 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base score: 5.9 CVSS Temporal...

Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-8551 DESCRIPTION: Kubernetes kubelet API is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit th...

CVE-2020-4251

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489...

CVE-2020-4251

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489...

Cross site scripting

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489...

CVE-2020-4251

IBM API Connect versions 5.0.0.0–5.0.8.8 are vulnerable to cross-site scripting in the Web UI, allowing an attacker to inject arbitrary JavaScript that could lead to credentials disclosure in a trusted session. The root cause is XSS in the Web UI. Remediation: the vulnerability was addressed in I...

CVE-2020-4251

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489...

IBM API Connect Open Redirect Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in the 'drupalgoto' function in IBM API Connect versions 5.0.0.0...

IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2020-33089)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.8...

Security Bulletin: IBM API Connect V5 is impacted by an Open Redirect vulnerability in Drupal core(CVE-2020-13662)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13662 DESCRIPTION: Drupal Core could allow a remote attacker to conduct phishing attacks, caused by insufficient validation of the destination query parameter in the drupalgoto function. By...

Security Bulletin: IBM API Connect V5 is vulnerable to cross site scripting (XSS) (CVE-2020-4251)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4251 DESCRIPTION: IBM API Connect is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali...