772 matches found

Prion
added 2019/08/20 7:15 p.m. | 16 views

Code injection

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00392
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/08/20 6:25 p.m. | 53 views

CVE-2019-4402

Summary: CVE-2019-4402 affects IBM API Connect Developer Portal versions 2018.1–2018.4.1.6. An unauthorized user could cause a DoS via an unprotected API. The vulnerability’s remediation is IBM API Connect v2018.4.1.7 and later fixes for the portal package. The public sources in the connected doc...

CVSS: 8.6 | AI score: 7.2 | EPSS: 0.00392
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/20 6:25 p.m. | 14 views

CVE-2019-4460

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 163681...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00375
Exploits: 0 | References: 2

CVE
added 2019/08/20 6:25 p.m. | 43 views

CVE-2019-4460

The vulnerability CVE-2019-4460 affects IBM API Connect up to version 5.0.8.6, where the developer portal could be exploited to traverse directories by sending URL requests containing dot-dot sequences (../) to view arbitrary files. Root cause is a path traversal flaw in the portal component, exp...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00375
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/20 6:25 p.m. | 15 views

CVE-2019-4402

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263...

CVSS: 8.6 | AI score: 7.2 | EPSS: 0.00392
Exploits: 0 | References: 2

Positive Technologies
added 2019/08/20 12:0 a.m. | 2 views

PT-2019-17093 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on t...

CVSS: 7.5 | AI score: 5 | EPSS: 0.00375
Exploits: 0 | References: 4

IBM Security Bulletins
added 2019/08/13 9:16 p.m. | 32 views

Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-11888)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11888 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by mishandling process creation. By using a nil environment in conjunction with a non-nil...

CVSS: 9.8 | AI score: 1.1 | EPSS: 0.00422
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/08/13 9:13 p.m. | 8 views

Security Bulletin: IBM API Connect's Developer Portal is impacted by a path traversal vulnerability.

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: Not Applicable DESCRIPTION: Advanced Forum module for Drupal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

AI score: 0.5
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/08/13 9:7 p.m. | 22 views

Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-9634)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9634 DESCRIPTION: Go could allow a remote attacker to execute arbitrary code on the system, caused by an improper loading of Dynamic-link library in the LoadLibrary function. By persuading a...

CVSS: 7.8 | AI score: 2.6 | EPSS: 0.00531
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2019/08/13 9:2 p.m. | 22 views

Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-11841)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11841 DESCRIPTION: Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could...

CVSS: 5.9 | AI score: 1.5 | EPSS: 0.00397
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2019/08/13 8:15 p.m. | 22 views

Security Bulletin: IBM API Connect Developer Portal V2018 is vulnerable to denial of service (DoS) attacks (CVE-2019-4402)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4402 DESCRIPTION: IBM API developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. CVSS Base Score: 8.6 CVSS Temporal Score: See for the current...

CVSS: 8.6 | AI score: 1.6 | EPSS: 0.00392
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/08/13 8:10 p.m. | 35 views

Security Bulletin: API Connect V2018 is impacted by a vulnerability in nginx (CVE-2018-16843 CVE-2018-16844)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-16843 DESCRIPTION: nginx is vulnerable to a denial of service, caused by a flaw when compiled with ngx_http_v2_module. By sending a specially-crafted HTTP/2 request, a remote attacker could explo...

CVSS: 7.8 | AI score: 1.3 | EPSS: 0.57804
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/08/13 7:59 p.m. | 34 views

Security Bulletin: API Connect V2018 is impacted by a Kubernetes vulnerability (CVE-2019-11246)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11246 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system. By persuading a victim to use the kubectl cp command with a malicious container, an attacker...

CVSS: 6.5 | AI score: 1.6 | EPSS: 0.00783
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/08/13 7:48 p.m. | 21 views

Security Bulletin: API Connect V2018 (ova) is impacted by vulnerabilities in Ubuntu OS (CVE-2019-4504)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4504 DESCRIPTION: A vulnerability in API Connect could inadvertently remove some security patches which could open the machine up to additional attacks. CVSS Base Score: 7.5 CVSS Temporal Scor...

AI score: 0.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/08/03 3:8 p.m. | 41 views

Security Bulletin: Multiple vulnerabilities in node JS (core and 3rd party modules) affect IBM API Connect

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-16487 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this...

CVSS: 9.8 | AI score: 1.3 | EPSS: 0.00611
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2019/08/03 2:57 p.m. | 31 views

Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in OpenSSL (CVE-2019-1559)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length...

CVSS: 5.9 | AI score: 1 | EPSS: 0.0496
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/08/03 2:50 p.m. | 16 views

Security Bulletin: IBM API Connect's Developer Portal is impacted by a path traversal vulnerability (CVE-2019-4460)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4460 DESCRIPTION: IBM API Connect developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot...

CVSS: 7.5 | AI score: 1.8 | EPSS: 0.00375
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/06/27 3:45 p.m. | 28 views

Security Bulletin: API Connect is impacted by an information leakage vulnerability in Oracle MySQL (CVE-2018-3123)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-3123 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: libmysqld component could allow an unauthenticated attacker to obtain sensitive information resulting i...

CVSS: 5.9 | AI score: 2.2 | EPSS: 0.00624
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2019/06/27 3:35 p.m. | 36 views

Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities (CVE-2019-11038 CVE-2019-11039 CVE-2019-11040)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11038 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an uninitialized read in the gdImageCreateFromXbm function. By sending a specially-crafted...

CVSS: 9.1 | AI score: 1 | EPSS: 0.1054
Exploits: 3 | Affected Software: 1

OSV
added 2019/06/25 4:15 p.m. | 0 views

CVE-2018-1858

IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256...

CVSS: 8.8 | AI score: 5.7
Exploits: 0 | References: 4