IBM API Connect Information Disclosure Vulnerability (CNVD-2019-18508)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.6 iFix 1. An...

Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4382 DESCRIPTION: IBM API Connect could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. CVSS Base Score: 5.3 CVSS Temporal...

Security Bulletin: API Connect V5 is vulnerable to CSRF attacks (CVE-2018-1858)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1858 DESCRIPTION: IBM API Connect V5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

Security Bulletin: IBM API Connect Developer Portal is impacted by a vulnerability in Drupal core (CVE-2019-11831)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11831 DESCRIPTION: The PharStreamWrapper package as used in Typo3 and Drupal could allow a remote attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM API Connect. IBM API Connect has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-11212 DESCRIPTION: libjpeg is vulnerable to a...

Security Bulletin: API Connect V2018 is impacted by software stack information leak (CVE-2018-2011)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2011 DESCRIPTION: IBM API Connect could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system...

Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2013 DESCRIPTION: IBM API Connect could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. CVSS Base Score: 5.3 CVSS Temporal Score: S...

Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-0268 DESCRIPTION: Microsoft Server Message Block 1.0 SMBv1 could allow a remote attacker to obtain sensitive information, caused by improper handling of incoming requests. By sending...

Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive mode and sending headers very slowly to force the connection and...

Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in IBM Java SDK (CVE-2018-3139 CVE-2018-3180)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM API Connect version 5. IBM API Connect has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified...

Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-11358)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-10911 DESCRIPTION: Drupal core could allow a remote attacker to bypass security restrictions, caused by a flaw in the cookie management. By using a specially-crafted cookie, an attacker could...

Code injection

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944...

CVE-2019-4256

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944...

CVE-2019-4256

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944...

CVE-2019-4256

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944...

CVE-2019-4256

IBM API Connect is affected by CVE-2019-4256 for versions 5.0.0.0 through 5.0.8.6, where weaker cryptographic algorithms could allow decryption of highly sensitive information. The issue specifically affects the cryptographic implementation in API Connect. The recommended remediation is to upgrad...

PT-2019-16996 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For versio...

Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in PHP (CVE-2019-11035 CVE-2019-11034)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11034 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by heap-based buffer overflow in the exifprocessIFDTAG function in the EXIF extension. By persuadin...

Security Bulletin: IBM API Connect V5 is potentially impacted by a weak cipher (CVE-2019-4256)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4256 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Score: 5.9 CVSS Temporal Score:...

CVE-2018-1991

IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284...