
772 matches found

IBM Security Bulletins
added 2018/10/29 2:20 p.m., 17 views

Security Bulletin: IBM API Connect is affected by multiple vulnerabilities in Drupal (CVE-2018-7603)

Summary: API Connect has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2018-7603. DESCRIPTION: The Search Autocomplete for Drupal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerabili...

6.1 CVSS, 1.1 AI score, 0.00266 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/10/26 8:30 p.m., 37 views

Security Bulletin: IBM API Connect is affected by Foreshadow Spectre Variant vulnerability (CVE-2018-3646 CVE-2018-3615 CVE-2018-3620)

Summary: API Connect has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2018-3646. DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting...

6.4 CVSS, 0.5 AI score, 0.02527 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/10/23 3:10 p.m., 33 views

Security Bulletin: IBM API Connect is affected by OpenSSL vulnerabilities (CVE-2018-0732 CVE-2018-12115 CVE-2018-7166 CVE-2018-0737)

Summary: IBM API Management has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2018-0732. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS...

7.5 CVSS, 0.8 AI score, 0.78382 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2018/09/11 12:00 a.m., 1 view

IBM API Connect Server-Side Request Forgery Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A server-side request forgery vulnerability exists in IBM API Connect versions 2018.1.0 through...

9.9 CVSS, 8.7 AI score, 0.00174 EPSS
Exploits: 0, References: 1

Cvelist
added 2018/09/07 4:00 p.m., 20 views

CVE-2018-1789

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...

8.4 CVSS, 8.9 AI score, 0.00174 EPSS
Exploits: 0, References: 2

CVE
added 2018/09/07 4:00 p.m., 51 views

CVE-2018-1789

CVE-2018-1789 : IBM API Connect v2018.1.0–v2018.3.4 is affected by a Server-Side Request Forgery (SSRF) in its proxy service. The vulnerability allows a crafted request to reach unintended internal resources. IBM’s bulletin lists affected versions and reinforces an upgrade path to mitigate: remed...

9.9 CVSS, 8.8 AI score, 0.00174 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2018/09/07 3:29 p.m., 16 views

Server side request forgery (ssrf)

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...

6.5 CVSS, 8.7 AI score, 0.00174 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2018/09/07 3:29 p.m., 15 views

CVE-2018-1789

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...

9.9 CVSS, 8.6 AI score, 0.00174 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2018/09/04 8:56 p.m., 20 views

Security Bulletin: IBM API Connect is vulnerable to Server Side Request Forgery (CVE-2018-1789)

Summary: IBM API Connect has addressed the following vulnerability: IBM API Connect is vulnerable to Server Side Request Forgery via a proxy service. Vulnerability Details: CVEID: CVE-2018-1789. DESCRIPTION: IBM API Connect v2018.x could allow an attacker to send a specially crafted request to condu...

9.9 CVSS, 2.4 AI score, 0.00174 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/08/29 9:32 p.m., 23 views

Security Bulletin: IBM API Connect is affected by a clickjacking vulnerability (CVE-2018-1599)

Summary: IBM API Connect has addressed the following vulnerability. API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious website, a remote attacker could exploit this vulnerability to hijack the victim's click actions an...

5.4 CVSS, 2.3 AI score, 0.00092 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/08/23 4:19 p.m., 21 views

Security Bulletin: IBM API Connect is impacted by a Drupal 8 vulnerability (CVE-2018-14773)

Summary: IBM API Connect has fixed the following vulnerability. API Connect is impacted by vulnerabilities addressed in the Drupal 8 advisory https://www.drupal.org/SA-CORE-2018-005. Vulnerability Details: CVEID: CVE-2018-14773. DESCRIPTION: Drupal Core could allow a remote attacker to bypass securit...

6.5 CVSS, 0.8 AI score, 0.16652 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2018/08/23 12:00 a.m., 1 view

IBM API Connect Clickjacking Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. A clickjacking vulnerability exists in IBM API Connect. A remote attacker can exploit this vulnerability by tricking a victim into visiting a malicious website to hijack the victim's click-through actions and potentially launch...

5.4 CVSS, 5.5 AI score, 0.00092 EPSS
Exploits: 0, References: 1

OSV
added 2018/08/22 11:29 a.m., 2 views

CVE-2018-1599

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

5.4 CVSS, 5.8 AI score, 0.00092 EPSS
Exploits: 0, References: 2

Prion
added 2018/08/22 11:29 a.m., 13 views

Design/Logic Flaw

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

3.5 CVSS, 5.4 AI score, 0.00092 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2018/08/22 11:29 a.m., 20 views

CVE-2018-1599

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

5.4 CVSS, 5.4 AI score, 0.00092 EPSS
Exploits: 0, References: 2

Cvelist
added 2018/08/22 11:00 a.m., 19 views

CVE-2018-1599

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...

5.4 CVSS, 5.4 AI score, 0.00092 EPSS
Exploits: 0, References: 2

CVE
added 2018/08/22 11:00 a.m., 50 views

CVE-2018-1599

CVE-2018-1599 affects IBM API Connect 5.0.0.0 through 5.0.8.3, allowing a remote attacker to hijack a victim’s clicking actions by enticing them to a malicious website (clickjacking). IBM’s bulletin confirms exposure for IBM API Connect versions 5.0.0.0–5.0.8.4 and 2018.1–2018.3.4, with remediati...

5.4 CVSS, 5.4 AI score, 0.00092 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2018/08/17 12:00 a.m., 1 view

IBM API Connect Server-Side Request Forgery Vulnerability

IBM API Connect aka APIConnect is a set of integrated solutions for managing the API lifecycle from IBM in the United States. The solution supports creating, running, managing and protecting APIs and microservices, etc. Developer Portal is one of the developer portals. A server-side request forge...

9.9 CVSS, 9 AI score, 0.00112 EPSS
Exploits: 0, References: 1

NVD
added 2018/08/16 7:29 p.m., 18 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters, can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

9.9 CVSS, 8.7 AI score, 0.00112 EPSS
Exploits: 0, References: 2

Cvelist
added 2018/08/16 7:00 p.m., 14 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters, can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

8.6 CVSS, 8.9 AI score, 0.00112 EPSS
Exploits: 0, References: 2