Information disclosure
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their MAC addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542...
CVE-2019-4155
CVE-2019-4155 affects IBM API Connect’s Developer Portal (versions 2018.1–2018.4.1.3). The privilege escalation vulnerability arises when the portal is integrated with an OpenID Connect (OIDC) user registry. IBM’s security bulletin confirms the issue and lists the affected VRMF: 2018.1–2018.4.1.3...
CVE-2019-4051
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their MAC addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542...
CVE-2019-4051
CVE-2019-4051 affects IBM API Connect 2018.1–2018.4.1.3, where certain URIs disclose system-specification details such as machine id, system UUID, filesystem paths, network interface names and MAC addresses. This information disclosure could enable targeted attacks. The IBM bulletin confirms reme...
CVE-2019-4155
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544...
Security Bulletin: IBM API Connect's Developer Portal is impacted by a privilege escalation vulnerability (CVE-2019-4155)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-4155. DESCRIPTION: IBM API Connect's Developer Portal is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. CVSS Base Score: 8.8. CVSS...
Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-8331. DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit...
Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Drupal
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: Not Applicable. DESCRIPTION: EU Cookie Compliance module for Drupal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...
Security Bulletin: API Connect V2018 is impacted by sensitive information disclosure (CVE-2019-4051)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-4051. DESCRIPTION: Some URIs in API Connect disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their MAC addresses...
Security Bulletin: IBM API Connect Developer Portal is affected by multiple PHP vulnerabilities (CVE-2019-9641 CVE-2019-9637 CVE-2019-9639 CVE-2019-9638)
Summary: IBM API Connect has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2019-9638. DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an uninitialized read flaw in the exif_process_IFD_in_MAKERNOTE method. An attacker could...
Security Bulletin: API Connect V2018 is impacted by vulnerability in the Kubernetes API server (CVE-2019-1002100)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-1002100. DESCRIPTION: The Kubernetes API server is vulnerable to a denial of service. By sending a specially crafted patch of type "json-patch" requests, a remote authenticated attacker could...
Design/Logic Flaw
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636...
CVE-2018-1874
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636...
CVE-2018-1874
CVE-2018-1874 affects IBM API Connect versions 5.0.0.0–5.0.8.5 and could display highly sensitive information to an attacker with physical access, due to an information-disclosure path exposed by insecure caching. The vulnerability is documented with a CVSS v3 base score of 4.6 (MEDIUM) and a CVS...
CVE-2018-1874
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636...
Security Bulletin: IBM API Connect is impacted by multiple open source software vulnerabilities.
Summary: IBM API Connect has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2017-0268. DESCRIPTION: Microsoft Server Message Block 1.0 (SMBv1) could allow a remote attacker to obtain sensitive information, caused by improper handling of incoming requests. By sending...
IBM API Connect Information Disclosure Vulnerability (CNVD-2020-19863)
IBM API Connect (APIConnect) is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect. An attacker could exploit the vulnerability ...
Security Bulletin: API Connect V5 is impacted by weak cryptographic algorithms (CVE-2018-2007)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-2007. DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Score: 5.9. CVSS Temporal...
Security Bulletin: API Connect is impacted by multiple nodeJS vulnerabilities (CVE-2018-12122 CVE-2018-12121 CVE-2018-12123 CVE-2018-12116)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-12122. DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending headers very slowly keeping HTTP or HTTPS connections and associated...
Security Bulletin: API Connect is affected by insecure caching (CVE-2018-1874)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-1874. DESCRIPTION: IBM API Connect could display highly sensitive information to an attacker with physical access to the system. CVSS Base Score: 4.6. CVSS Temporal Score: See for the current...