CVE-2018-1712
IBM API Connect Developer Portal versions 5.0.0.0–5.0.8.3 are vulnerable to Server-Side Request Forgery (SSRF). The vulnerability arises from input parameters that can cause the server to issue requests inside the trusted network. IBM’s Security Bulletin confirms remediation in Version 5.0.8.3 iF...
Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via https-proxy-agent/[email protected] (CVE-2018-3739)
Summary: IBM API Connect has addressed the following vulnerability. Node.js https-proxy-agent module is vulnerable to a denial of service, caused by passing the auth option to the Buffer constructor without proper sanitization. A remote attacker could exploit this vulnerability using the auth...
IBM API Connect Developer Portal Privilege Gain Vulnerability
IBM API Connect aka APIConnect is a set of integrated solutions for managing the API lifecycle from IBM in the United States. The solution supports creating, running, managing and protecting APIs and microservices, etc. Developer Portal is one of the developer portals. A privilege acquisition...
Security Bulletin: API Connect Developer Portal is affected by multiple PHP vulnerabilities
Summary: IBM API Connect has addressed the following vulnerabilities. Several security issues were fixed in PHP's HTML-embedded scripting language interpreter. Vulnerability Details: CVEID: CVE-2018-10549. DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused...
Authentication flaw
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483...
CVE-2018-1638
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483...
CVE-2018-1638
The vulnerability CVE-2018-1638 affects IBM API Connect (Developer Portal) versions 5.0.0.0–5.0.8.3, where two-factor authentication (TFA) is not enforced when resetting a user password, while it is enforced for other login scenarios. This bypass could allow an attacker to gain full access if the...
Security Bulletin: API Connect is affected by a weak two factor authentication vulnerability
Summary: IBM API Connect has addressed the following vulnerability. API Connect users are affected by a two-factor authentication (2FA/TFA) bypass while resetting a password. Using API Connect version 5.0.8.3 and with Two Factor Authentication enabled on the Developer Portal it is possible to bypass TFA and get full...
IBM API Connect Information Disclosure Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure vulnerability exists in IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4. An attacker can exploit the vulnerability to obtain sensitive information...
CVE-2018-1548
IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657...
Design/Logic Flaw
IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657...
CVE-2018-1548
CVE-2018-1548 affects IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4, causing information disclosure to an authenticated user. The connected documents confirm the vulnerable product and versions, and state that the vulnerability could allow access to sensitive information....
IBM API Connect Information Disclosure Vulnerability (CNVD-2018-12869)
IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.3, which stems from...
CVE-2018-1546
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
Information disclosure
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...