Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)
Summary API Connect has addressed the following vulnerability. Node.js tough-cookie module is vulnerable to a denial of service, caused by a regular expression error. By using a sufficiently large HTTP request Cookie header, a remote attacker could exploit this vulnerability to cause the...
Security Bulletin: API Connect is affected by a Node.js denial of service vulnerability (CVE-2017-14919)
Summary IBM API Connect has addressed the following vulnerability. Node.js is vulnerable to a denial of service, caused by an uncaught exception flaw in the zlib module. By making 8 an invalid value for the windowBits parameter, a remote attacker could exploit this vulnerability to cause the...
Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382
Summary API Connect has addressed the following vulnerability. IBM API Connect is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a...
Security Bulletin: API Connect Developer Portal is affected by authenticated user access to sensitive information vulnerability (CVE-2017-1785)
Summary API Connect has addressed the following vulnerability. API Connect Developer Portal could allow an authenticated remote user to modify query parameters to obtain sensitive information. Vulnerability Details CVEID: CVE-2017-1785 DESCRIPTION: API Connect Developer Portal could allow an...
Security Bulletin: API Connect is affected by weaker than expected cryptographic algorithm usage vulnerability (CVE-2018-1385)
Summary API Connect has addressed the following vulnerability. IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2018-1385 DESCRIPTION: IBM API Connect uses weaker than expected...
Security Bulletin: API Connect Developer Portal is affected by cross-site scripting vulnerability (CVE-2018-1430)
Summary API Connect Developer Portal has addressed the following vulnerability. IBM API Connect Developer Portal is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leadin...
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM API Connect (CVE-2017-7668, CVE-2017-7679)
Summary IBM API Connect has addressed Apache HTTPD vulnerabilities involving access to sensitive information and potential denial of service. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499)
Summary IBM API Connect has addressed Node.js vulnerabilities involving access to sensitive information and potential denial of service. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read...
Security Bulletin: API Connect Portal is affected by multiple Drupal vulnerabilities
Summary IBM API Connect has addressed the following vulnerabilities. API Connect Portal is affected by multiple Drupal vulnerabilities. Vulnerability Details CVEID: CVE-2017-6925 DESCRIPTION: Drupal could allow a remote attacker to bypass security restrictions, caused by a flaw in the entity acce...
Security Bulletin: API Connect is affected by a vulnerability by which an authenticated user could generate an API token
Summary API Connect has addressed the following vulnerability. An authenticated user could be allowed to generate an API token when not subscribed to the application plan. Vulnerability Details CVEID: CVE-2017-1555 DESCRIPTION: IBM API Connect could allow an authenticated user to generate an API...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to th...
Security Bulletin: API Connect is affected by a Cross Frame Scripting vulnerability CVE-2017-1551
Summary API Connect has addressed the following vulnerability. IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2017-1551 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the...
Security Bulletin: API Connect Portal is affected by multiple Drupal vulnerabilities
Summary IBM API Connect has addressed the following vulnerabilities. API Connect Portal is affected by multiple Drupal vulnerabilities. Vulnerability Details CVEID: CVE-2017-6924 DESCRIPTION: Drupal could allow a remote attacker to bypass security restrictions, caused by a fl...
Security Bulletin: API Connect minimatch CVE-2017-1556
Summary API Connect has addressed the following vulnerability. API Connect is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. Vulnerability Details CVEID: CVE-2017-1556 DESCRIPTION: IBM API Connect is...
Security Bulletin: API Connect OpenSSL CVE-2016-2183
Summary OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. This vulnerability is known as the SWEET32 Birthday attack. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow...
Security Bulletin: API Connect is affected by an Apache HTTP Server vulnerability (CVE-2011-3192)
Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2011-3192 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the ByteRange filter when processing malicious requests. By sending a specially-crafted HTTP reques...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect API Connect
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in January 2017 and April 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An unspecified vulnerability related to the...
Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922)
Summary IBM API Connect Developer Portal could allow a remote attacker to bypass security restrictions, caused by the failure to restrict access to the private file system. Vulnerability Details CVEID: CVE-2017-6922 DESCRIPTION: Drupal could allow a remote attacker to bypass security restrictions...
Security Bulletin: Weaker than expected security in IBM API Connect (CVE-2017-1386)
Summary IBM API Connect has addressed the following vulnerability which allows the possibility of bypassing password policy. Vulnerability Details CVEID: CVE-2017-1386 DESCRIPTION: IBM API Connect could allow a user to bypass policy restrictions and create non-compliant passwords which could be...
Security Bulletin: IBM API Connect is affected by an information disclosure vulnerability (CVE-2017-1379).
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-1379 DESCRIPTION: IBM API Connect could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. CVSS Base Score: 5.3 CVSS...