CVE-2019-4008
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626...
PT-2019-16838 · Ibm · Api Connect
Name of the Vulnerable Software and Affected Versions: API Connect versions 2018.1 through 2018.4.1.1 Description: The issue concerns an access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. Recommendations: For API Connect versions 2018.1 throu...
Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-6339 DESCRIPTION: Drupal core could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in PHP's built-in phar stream wrapper. By sending a...
Security Bulletin: API Connect V2018 is impacted by access token leak (CVE-2019-4008)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4008 DESCRIPTION: API Connect V2018 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. CVSS Base Score: 9 CVSS Temporal...
Security Bulletin: IBM API Connect Developer Portal is affected by a vulnerability in Oracle MySQL (CVE-2018-3251)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-3251 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high...
CVE-2018-1976
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031...
Information disclosure
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031...
CVE-2018-1976
IBM API Connect 5.0.0.0–5.0.8.4 is affected by a REST API–driven information disclosure that could allow a user with administrative privileges to obtain highly sensitive data. The root cause is described as a sensitive information disclosure via a REST API. The issue is addressed in IBM API Conn...
Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-16276 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper bounds checking in the yurex_read function in drivers/usb/misc/yurex.c. By sending a specially-crafte...
Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1976 DESCRIPTION: IBM API Connect V5 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive informatio...
Security Bulletin: APIC is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: IBM API Connect is affected by multiple GSKit and OpenSSL vulnerabilities
Summary IBM API Connect has addressed multiple vulnerabilities in GSKit and OpenSSL. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to...
CVE-2018-1932
IBM API Connect 5.0.0.0–5.0.8.4 is affected by a vulnerability in the role‑based access control of the management server that could allow an authenticated user to obtain highly sensitive information. The CVSS 3.0 vector is CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N with a base score of 4.9 (MED...
CVE-2018-1932
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175...
CVE-2018-1932
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
CVE-2018-1859
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258...
Code injection
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258...