772 matches found
CVE-2018-1546 IBM API Connect information disclosure
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...
CVE-2018-1546
IBM API Connect versions 5.0.0.0–5.0.8.3 are affected by CVE-2018-1546 due to failure to properly enable HTTP Strict Transport Security. This can lead to information disclosure via a man-in-the-middle. CVSS v3 base score is 5.9 (Network, High attack complexity, Privileges NONE, User interaction N...
Security Bulletin: IBM API Connect is impacted by a resource leakage vulnerability (CVE-2018-1548)
Summary IBM API Connect has addressed the following vulnerability. IBM API Connect contains a vulnerability that could allow an authenticated user to obtain sensitive information. Vulnerability Details CVEID: CVE-2018-1548 DESCRIPTION: IBM API Connect contains a vulnerability that could allow an...
Security Bulletin: IBM API Connect is affected by a Missing HTTP Strict Transport Security vulnerability (CVE-2018-1546)
Summary IBM API Connect has addressed the following vulnerability. IBM API Connect could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information...
Security Bulletin: IBM API Connect Developer Portal is vulnerable to potential denial of service
Summary IBM API Connect has addressed the following vulnerability. IBM API Connect is vulnerable to a denial of service, caused by a lack of rate limiting in the TCP listener application. By sending a TCP SYN flood, a remote attacker could exploit this vulnerability to exhaust CPU and memory...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM API Connect
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, and April 2018. Vulnerability Details CVEID: CVE-2017-10295 DESCRIPTION: An unspecified vulnerabilit...
Security Bulletin: IBM API Connect Developer Portal is impacted by PHP vulnerabilities (CVE-2018-10548, CVE-2018-10546)
Summary IBM API Connect has addressed the following vulnerabilities. PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/ldap/ldap.c. By sending specially crafted data, an attacker could exploit this vulnerability to mishandle the ldap_get_dn return value and cause...
Security Bulletin: Multiple vulnerabilities in Ubuntu affect IBM API Connect Developer Portal
Summary IBM API Connect Developer Portal has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1126 DESCRIPTION: procps-ng procps is vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially crafted request, a remote attacker could...
Security Bulletin: IBM API Connect is affected by an Apache HTTP Server vulnerability (CVE-2017-12613)
Summary IBM API Connect has addressed the following vulnerability. Apache Portable Runtime (APR) could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array dereference in apr_time_exp* functions. By using an invalid month field value, a remote attacker could exploi...
Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)
Summary IBM API Connect has addressed the following vulnerability. PHP is vulnerable to server-side request forgery, caused by a flaw in the fsockopen function. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct a Server Side Request Forgery (SSRF) attack...
Security Bulletin: API Connect is affected by an information leakage vulnerability (CVE-2018-1468)
Summary API Connect has addressed the following vulnerability. An API Connect user can get access to internal environment and sensitive API details to which they are not authorized. Vulnerability Details CVEID: CVE-2018-1468 DESCRIPTION: An API Connect user can get access to internal environment a...
Security Bulletin: API Connect is affected by a session management vulnerability (CVE-2018-1532)
Summary API Connect has addressed the following vulnerability. IBM API Connect does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. Vulnerability Details CVEID: CVE-2018-1532 DESCRIPTION: IBM API Connect does no...
Security Bulletin: API Connect Developer Portal is affected by a Drupal vulnerability (CVE-2018-7602)
Summary IBM API Connect has addressed the following vulnerability. Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this vulnerability using multiple attack vectors to execute arbitrary code on t...
Security Bulletin: IBM API Connect is affected by an OPENSSL vulnerability (CVE-2017-3735)
Summary IBM API Connect Developer Portal has addressed the following vulnerability. OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger ...
Security Bulletin: IBM API Connect is affected by an Apache HTTP Server vulnerability (CVE-2014-0226)
Summary IBM API Connect has addressed the following vulnerability. Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by a race condition in the mod_status module when handling the scoreboard. By sending a specially-crafted request, a remote attacker could overflow a buffer a...
Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)
Summary IBM API Connect has addressed the following vulnerabilities. API Connect Developer Portal is impacted by Drupal vulnerability: Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this...
Security Bulletin: IBM API Connect is affected by an OpenSSL vulnerability (CVE-2017-3736)
Summary IBM API Connect has addressed the following vulnerability. OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal. An attacker with online access to an unpatched system could...
Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the 5.0.8.2 iFix for IBM API Connect in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions IBM API Management 4.0.0.0-4.0.4.6 IBM API Connect...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM API Connect (CVE-2017-3738, CVE-2017-3737)
Summary IBM API Connect has addressed the following vulnerabilities. OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An unspecified vulnerability in multip...
Security Bulletin: API Connect is affected by a generated LoopBack APIs vulnerability (CVE-2018-1389)
Summary API Connect has addressed the following vulnerability. IBM API Connect is impacted by a generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. Vulnerability Details CVEID: CVE-2018-1389 DESCRIPTION: IBM API Connect is...