772 matches found

Prion
added 2019/05/22 3:29 p.m. | 16 views

Information disclosure

IBM API Connect 5.0.0.0, and 5.0.8.6 could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284...

CVSS: 4 | AI score: 3.4 | EPSS: 0.00141
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2019/05/22 2:45 p.m. | 13 views

CVE-2018-1991

IBM API Connect 5.0.0.0, and 5.0.8.6 could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284...

CVSS: 2.7 | AI score: 3.3 | EPSS: 0.00141
Exploits: 0 | References: 2
CVE
added 2019/05/22 2:45 p.m. | 55 views

CVE-2018-1991

IBM API Connect 5.0.0.0–5.0.8.6 is affected by an information-disclosure vulnerability (CVE-2018-1991) that could reveal sensitive information about the underlying software stack via CMC UI headers. The root cause is a disclosure in requests/responses that exposes internal details. Affected produ...

CVSS: 4 | AI score: 3.5 | EPSS: 0.00141
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2019/05/22 12:0 a.m. | 1 views

IBM API Connect Information Disclosure Vulnerability (CNVD-2019-40899)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect versions 5.0.0.0 through...

CVSS: 4 | AI score: 6.1 | EPSS: 0.00141
Exploits: 0 | References: 1
IBM Security Bulletins
added 2019/05/19 5:50 p.m. | 22 views

Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1991 DESCRIPTION: IBM API Connect could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. CVSS Base Score: 2.7...

CVSS: 4 | AI score: 0.6 | EPSS: 0.00141
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2019/05/19 2:50 p.m. | 32 views

Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9946 DESCRIPTION: Kubernetes could provide weaker than expected security, caused by an interaction when paired with the embedded CNI Container Networking Interface that uses the portmap plugin...

CVSS: 7.5 | AI score: 0.9 | EPSS: 0.00359
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2019/05/19 2:45 p.m. | 33 views

Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002101 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system, caused by the improper handling of symlinks. By persuading a victim to use the kubectl cp...

CVSS: 6.4 | AI score: 1.2 | EPSS: 0.49935
Exploits: 2 | Affected Software: 1
OSV
added 2019/05/02 4:29 p.m. | 2 views

CVE-2018-2015

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 3
Prion
added 2019/05/02 4:29 p.m. | 13 views

Design/Logic Flaw

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00189
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2019/05/02 4:29 p.m. | 21 views

CVE-2018-2015

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.00189
Exploits: 0 | References: 3
CVE
added 2019/05/02 4:0 p.m. | 43 views

CVE-2018-2015

IBM API Connect 2018.1–2018.4.1.4 is affected by a clickjacking (UI redress) vulnerability that could allow a remote attacker to hijack the victim’s clicking actions by luring them to a malicious site. The issue is identified as CVE-2018-2015. A fix is available: IBM API Connect v2018.4.1.5 fixpa...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00189
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2019/05/02 4:0 p.m. | 18 views

CVE-2018-2015

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.00189
Exploits: 0 | References: 3
IBM Security Bulletins
added 2019/04/29 10:25 p.m. | 29 views

Security Bulletin: API Connect V2018 is impacted by a vulnerability in Golang (CVE-2019-9741)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-9741 DESCRIPTION: Golang GO is vulnerable to HTTP header injection, caused by improper validation of input in the http.NewRequest. By sending a specially-crafted request, a remote attacker cou...

CVSS: 6.1 | AI score: 1.4 | EPSS: 0.03341
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2019/04/29 10:25 p.m. | 16 views

Security Bulletin: IBM API Connect is affected by a clickjacking vulnerability (CVE-2018-2015)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2015 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could explo...

CVSS: 6.4 | AI score: 1.6 | EPSS: 0.00189
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2019/04/29 10:25 p.m. | 27 views

Security Bulletin: IBM API Connect is affected by vulnerabilities in Node JS modules (CVE-2018-3721 CVE-2016-10531)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3721 DESCRIPTION: Node.js lodash module could allow a remote attacker to bypass security restrictions, caused by a flaw in the defaultsDeep, merge, and mergeWith functions. By modifying the...

CVSS: 6.5 | AI score: 0.8 | EPSS: 0.00289
Exploits: 3 | Affected Software: 1
Prion
added 2019/04/29 5:29 p.m. | 17 views

Code injection

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00096
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2019/04/29 5:29 p.m. | 13 views

CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00096
Exploits: 0 | References: 2
OSV
added 2019/04/29 5:29 p.m. | 3 views

CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 2
Cvelist
added 2019/04/29 4:35 p.m. | 13 views

CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00096
Exploits: 0 | References: 2
IBM Security Bulletins
added 2019/04/23 6:0 p.m. | 37 views

Security Bulletin: API Connect V5 is impacted by vulnerabilities in Bootstrap (CVE-2018-14040 CVE-2018-14041 CVE-2018-14042)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-14042 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-container property of tooltip. A remote attacker could...

CVSS: 6.1 | AI score: 0.6 | EPSS: 0.07723
Exploits: 3 | Affected Software: 1