
772 matches found

CNVD
added 2017/08/01 12:0 a.m., 2 views

IBM API Connect and API Management Security Bypass Vulnerability

IBM API Connect and API Management are both products of IBM Corporation in the U.S. IBM API Connect, also known as APIConnect, is a set of integrated solutions for managing the API lifecycle. API Management is a set of API management platforms from IBM Corporation in the U.S. A security bypass...

CVSS 5.9, AI score 6.7, EPSS 0.00215
Exploits 0, References 1

Prion
added 2017/07/31 9:29 p.m., 14 views

Design/Logic Flaw

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

CVSS 4.3, AI score 5.5, EPSS 0.00215
Exploits 0, References 3, Affected Software 2

NVD
added 2017/07/31 9:29 p.m., 12 views

CVE-2017-1386

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

CVSS 5.9, AI score 5.5, EPSS 0.00215
Exploits 0, References 3

OSV
added 2017/07/31 9:29 p.m., 1 view

CVE-2017-1386

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

CVSS 5.9, AI score 5.8, EPSS 0.00215
Exploits 0, References 3

Cvelist
added 2017/07/31 9:0 p.m., 22 views

CVE-2017-1386

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160...

AI score 5.5, EPSS 0.00215
Exploits 0, References 3

CVE
added 2017/07/31 9:0 p.m., 52 views

CVE-2017-1386

CVE-2017-1386 affects IBM API Connect 5.0.0.0 (and related product versions) where a user could bypass password policy and create non‑compliant passwords that might be intercepted and decrypted via man‑in‑the‑middle techniques. The IBM Security Bulletin details affected ranges: API Connect 5.0.0....

CVSS 5.9, AI score 5.5, EPSS 0.00215
Exploits 0, References 3, Affected Software 1

NVD
added 2017/06/27 4:29 p.m., 16 views

CVE-2017-1322

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...

CVSS 8.2, AI score 8, EPSS 0.00528
Exploits 0, References 3

NVD
added 2017/06/27 4:29 p.m., 15 views

CVE-2017-1328

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID:...

CVSS 5.3, AI score 5.2, EPSS 0.00275
Exploits 0, References 3

Prion
added 2017/06/27 4:29 p.m., 17 views

Security feature bypass

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID:...

CVSS 5, AI score 5.2, EPSS 0.00275
Exploits 0, References 3, Affected Software 1

OSV
added 2017/06/27 4:29 p.m., 2 views

CVE-2017-1328

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID:...

CVSS 5.3, AI score 5.8, EPSS 0.00275
Exploits 0, References 3

Prion
added 2017/06/27 4:29 p.m., 16 views

XXE

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...

CVSS 6.4, AI score 7.8, EPSS 0.00528
Exploits 0, References 3, Affected Software 1

CVE
added 2017/06/27 4:0 p.m., 48 views

CVE-2017-1322

CVE-2017-1322 affects IBM API Connect 5.0.6.0 (and related versions) with an XML External Entity Injection (XXE) when processing XML data. Root cause: XXE vulnerability in XML parsing that can disclose sensitive information and consume memory/resources. Affected versions include 5.0.6.0; CNVD not...

CVSS 8.2, AI score 7.9, EPSS 0.00528
Exploits 0, References 3, Affected Software 1

Cvelist
added 2017/06/27 4:0 p.m., 23 views

CVE-2017-1322

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...

AI score 8, EPSS 0.00528
Exploits 0, References 3

CVE
added 2017/06/27 4:0 p.m., 48 views

CVE-2017-1328

IBM API Connect 5.0.0.0–5.0.6.2 contains a security bypass vulnerability (CVE-2017-1328) caused by improper handling of security policy, allowing remote attackers to access APIs without valid credentials. The IBM Security Bulletin documents the affected product and versions, the root cause, and t...

CVSS 5.3, AI score 5.2, EPSS 0.00275
Exploits 0, References 3, Affected Software 1

Cvelist
added 2017/06/27 4:0 p.m., 21 views

CVE-2017-1328

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID:...

AI score 5.2, EPSS 0.00275
Exploits 0, References 3

CNVD
added 2017/06/27 12:0 a.m., 2 views

IBM API Connect Security Bypass Vulnerability

IBM API Connect is an API management solution that addresses all key aspects of the API lifecycle in on-premise and cloud environments. A security bypass vulnerability exists in IBM API Connect. An attacker could use this vulnerability to bypass certain security restrictions and perform...

CVSS 5.3, AI score 6.7, EPSS 0.00275
Exploits 0, References 1

OSV
added 2017/06/15 1:29 p.m., 2 views

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

CVSS 7.5, AI score 5.8, EPSS 0.00312
Exploits 0, References 3

NVD
added 2017/06/15 1:29 p.m., 16 views

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

CVSS 7.5, AI score 7.2, EPSS 0.00312
Exploits 0, References 3

Prion
added 2017/06/15 1:29 p.m., 13 views

Information disclosure

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

CVSS 5, AI score 7.1, EPSS 0.00312
Exploits 0, References 3, Affected Software 1

CVE
added 2017/06/15 1:0 p.m., 49 views

CVE-2017-1379

IBM API Connect 5.0.0.0–5.0.7.1 is affected by CVE-2017-1379, an information disclosure vulnerability caused by improper handling of Developer Portal requests. A remote attacker could obtain sensitive information. IBM’s bulletin lists affected versions and provides remediation via iFixes containing...

CVSS 7.5, AI score 7.2, EPSS 0.00312
Exploits 0, References 3, Affected Software 1