772 matches found
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-12760)
IBM API Connect (APIConnect) is a suite of integrated solutions from IBM USA for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 2018.1 through 2018.4.1.2. An attack...
CVE-2019-4052
IBM API Connect 2018.1 and 2018.4.1.2 APIs can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544...
Code injection
IBM API Connect 2018.1 and 2018.4.1.2 APIs can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544...
CVE-2019-4052
CVE-2019-4052 affects IBM API Connect versions 2018.1–2018.4.1.2. The vulnerability allows unauthenticated users to discover login IDs of registered users via API access, constituting an information-disclosure flaw. The IBM X-Force and NVD entries confirm an impact on login-id exposure with CVSS v3....
PT-2019-16865 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 2018.1 through 2018.4.1.2 Description: The issue allows unauthenticated users to discover login ids of registered users by leveraging IBM API Connect APIs. Recommendations: For IBM API Connect versions 2018.1 through...
Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4052 DESCRIPTION: IBM API Connect's APIs can be leveraged by unauthenticated users to discover login ids of registered users. CVSS Base Score: 8.2 CVSS Temporal Score: See for the current scor...
CVE-2018-2009
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148...
CVE-2018-2009
IBM API Connect v2018.1–2018.4.1 is affected by an information-disclosure vulnerability in the consumer API. Any registered user can enumerate other users across all orgs, including email IDs and names. The CVE-2018-2009 issue has CVSSv3 base score 6.5 (confidentiality impact: HIGH). Affected ver...
Security Bulletin: API Connect V2018 is impacted by weak cryptographic algorithms (CVE-2018-2007)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2007 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Score: 5.9 CVSS Temporal...
Security Bulletin: API Connect is affected by an information disclosure vulnerability in the consumer API (CVE-2018-2009)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2009 DESCRIPTION: IBM API Connect v2018 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs,...
Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-6340 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary PHP code on the system, caused by improper input validation in some field types. By sending a specially-crafted...
Security Bulletin: IBM API Connect is affected by a critical vulnerability in Kubernetes via runc (CVE-2019-5736)
Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-5736 DESCRIPTION: Runc could allow a local attacker to execute arbitrary commands on the system, caused by the improper handling of system file descriptors when running containers. An attacker cou...
CVE-2019-4008
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626...
CVE-2019-4008
CVE-2019-4008 affects IBM API Connect V2018.1–2018.4.1.1. The issue is an access token leak where authorization tokens in some URLs could be written to log files, enabling disclosure of credentials. Affected product: IBM API Connect (API Management) 2018.x. Root cause: tokens exposed via logging ...
Authorization
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626...