Lucene search

772 matches found

Cvelist
added 2019/01/04 3:0 p.m., 18 views

CVE-2018-1859

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258...

4.3 CVSS, 4.7 AI score, 0.0019 EPSS
Exploits: 0, References: 3
CVE
added 2019/01/04 3:0 p.m., 46 views

CVE-2018-1859

CVE-2018-1859 affects IBM API Connect 5.0.0.0–5.0.8.4, where a user authenticated as an administrator with limited rights can escalate privileges. The IBM bulletin confirms the affected product versions and provides remediation: upgrade to IBM API Connect V5.0.8.5 fixpack (remediation package API...

6.5 CVSS, 4.6 AI score, 0.0019 EPSS
Exploits: 0, References: 3, Affected Software: 1
IBM Security Bulletins
added 2019/01/02 11:10 p.m., 18 views

Security Bulletin: API Connect is affected by a vulnerability in the role-based access control (CVE-2018-1932)

Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-1932; DESCRIPTION: IBM API Connect is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive...

4.9 CVSS, 0.9 AI score, 0.05471 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2019/01/02 8:0 p.m., 19 views

Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859)

Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-1859; DESCRIPTION: IBM API Connect V5 could allow a user authenticated as an administrator with limited rights to escalate their privileges. CVSS Base Score: 4.3; CVSS Temporal Score: See for th...

6.5 CVSS, 1.5 AI score, 0.0019 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2019/01/02 4:40 p.m., 9 views

Security Bulletin: IBM API Connect Developer Portal is affected by Insecure Session Management in Drupal

Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: Not Applicable; DESCRIPTION: Session Limit module for Drupal could allow a remote attacker to obtain sensitive information, caused by improper tokenize of the list of sessions. By inspecting the forms, ...

1.2 AI score
Exploits: 0, Affected Software: 1
CNVD
added 2018/12/21 12:0 a.m., 2 views

IBM API Connect Privilege Acquisition Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in the MongoDB connector for the LoopBack framework in IBM API Connect...

9.8 CVSS, 6.5 AI score, 0.00207 EPSS
Exploits: 0, References: 1
CNVD
added 2018/12/21 12:0 a.m., 1 views

IBM API Connect Elevation of Privilege Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. An elevation of privilege vulnerability exists in the members feature in IBM API Connect versions...

9 CVSS, 7 AI score, 0.00244 EPSS
Exploits: 0, References: 1
CNVD
added 2018/12/21 12:0 a.m., 2 views

IBM API Connect Authentication Bypass Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. An authentication bypass vulnerability exists in LoopBack in IBM API Connect versions 2018.1 through...

9.3 CVSS, 7.1 AI score, 0.00349 EPSS
Exploits: 0, References: 1
Prion
added 2018/12/20 2:29 p.m., 15 views

Code injection

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914...

9 CVSS, 6.6 AI score, 0.00244 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2018/12/20 2:29 p.m., 17 views

CVE-2018-1973

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914...

9 CVSS, 6.7 AI score, 0.00244 EPSS
Exploits: 0, References: 3
Prion
added 2018/12/20 2:29 p.m., 17 views

Authentication flaw

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

9.3 CVSS, 7.9 AI score, 0.00349 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2018/12/20 2:29 p.m., 17 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

9.8 CVSS, 7.6 AI score, 0.00207 EPSS
Exploits: 0, References: 3
OSV
added 2018/12/20 2:29 p.m., 1 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 3
Prion
added 2018/12/20 2:29 p.m., 15 views

SQL injection

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

7.5 CVSS, 9.1 AI score, 0.00207 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2018/12/20 2:29 p.m., 1 views

CVE-2018-1973

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914...

7.2 CVSS, 5.8 AI score
Exploits: 0, References: 3
CVE
added 2018/12/20 2:0 p.m., 55 views

CVE-2018-1784

The CVE-2018-1784 entry affects IBM API Connect 5.0.0.0–5.0.8.4 due to a NoSQL Injection in the MongoDB connector for the LoopBack framework. Affected component: LoopBack MongoDB connector; root cause: NoSQL injection vulnerability. Impact notes from sources indicate high severity (CVSSv3 base sc...

9.8 CVSS, 9.1 AI score, 0.00207 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2018/12/20 2:0 p.m., 19 views

CVE-2018-1973

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914...

7.2 CVSS, 6.7 AI score, 0.00244 EPSS
Exploits: 0, References: 3
Cvelist
added 2018/12/20 2:0 p.m., 21 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

7.1 CVSS, 9.1 AI score, 0.00207 EPSS
Exploits: 0, References: 3
CVE
added 2018/12/20 2:0 p.m., 53 views

CVE-2018-1778

CVE-2018-1778 (IBM API Connect / LoopBack) affects IBM API Connect versions 2018.1 through 2018.4.1 and 5.0.8.0 through 5.0.8.4. The vulnerability arises when the AccessToken model is exposed via a REST API, enabling an attacker to create an access token for any user who has a known userId, poten...

9.3 CVSS, 8 AI score, 0.00349 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2018/12/20 2:0 p.m., 49 views

CVE-2018-1973

CVE-2018-1973 affects IBM API Connect 5.0.0.0–5.0.8.4. A user with limited API Administrator rights can elevate to full Administrator access via the members functionality. CVSS v3 base score 7.2 (HIGH); vectors: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. Remediation: patch in V5.0.8.5 (fixpack) per IBM...

9 CVSS, 6.6 AI score, 0.00244 EPSS
Exploits: 0, References: 3, Affected Software: 1