Managing Traffic From the Outset - How GTM Can Make Your Deployments Easier

What is GTM Global Traffic Management, or GTM, is a DNS-based load balancing service that offers application owners a level of flexibility and insight that is unmatched by traditional on-prem solutions. Highly scalable and fault-resilient, GTM offers customers a layer of abstraction between...

Quickly Extend Live Streams with VOD Clipping

Time is always of the essence to extend compelling video content such as sporting events and concerts and make the most of media rights windows. This is especially true for catch-up TV, highlight creation, time-shifting 24/7 simulcast streams, and social sharing. At Akamai, we are continually...

ArmourBird CSF - Container Security Framework

ArmourBird CSF - Container Security Framework is an extensible, modular, API-first framework build for regular security monitoring of docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two...

Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.6.0 release and security update

A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

Redhat 3scale API Management CVE-2019-14849 Information Disclosure Vulnerability

Description Redhat 3scale API Management is prone to an information-disclosure vulnerability Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Redhat 3scale API Management versions 2.6 and prior are vulnerable. Technologies Affected Redhat...

Stronger Together, Red Hat 3scale Integration

Most enterprises today rely on customers accessing their applications to conduct daily business. These enterprises know by now that application programming interfaces APIs are becoming more common than ever before to enable communication between applications and end users. Even though they are...

Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-0268 DESCRIPTION: Microsoft Server Message Block 1.0 SMBv1 could allow a remote attacker to obtain sensitive information, caused by improper handling of incoming requests. By sending...

Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1991 DESCRIPTION: IBM API Connect could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. CVSS Base Score: 2.7...

Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002101 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system, caused by the improper handling of symlinks. By persuading a victim to use the kubectl cp...

Security Bulletin: API Connect is affected by insecure caching (CVE-2018-1874)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1874 DESCRIPTION: IBM API Connect could display highly sensitive information to an attacker with physical access to the system. CVSS Base Score: 4.6 CVSS Temporal Score: See for the current...

F5 Networks Acquires NGINX For $670 Million

One of the most important software companies NGINX, which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks, in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you us...

Security Bulletin: API Connect is affected by an information disclosure vulnerability in the consumer API (CVE-2018-2009)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2009 DESCRIPTION: IBM API Connect v2018 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs,...

Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1976 DESCRIPTION: IBM API Connect V5 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive informatio...

Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1859 DESCRIPTION: IBM API Connect V5 could allow a user authenticated as an administrator with limited rights to escalate their privileges. CVSS Base Score: 4.3 CVSS Temporal Score: See for th...

22K Open, Vulnerable Containers Found Exposed on the Net

More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers Kubernetes, Mesos, Docker Swarms and more suff...

Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the 5.0.8.2 iFix for IBM API Connect in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions IBM API Management 4.0.0.0-4.0.4.6 IBM API Connect...

Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922)

Summary IBM API Connect Developer Portal could allow a remote attacker to bypass security restrictions, caused by the failure to restrict access to the private file system. Vulnerability Details CVEID: CVE-2017-6922 DESCRIPTION: Drupal could allow a remote attacker to bypass security restrictions...

Security Bulletin: Weaker than expected security in IBM API Connect (CVE-2017-1386)

Summary IBM API Connect has addressed the following vulnerability which allows the possibility of bypassing password policy. Vulnerability Details CVEID:CVE-2017-1386 DESCRIPTION: IBM API Connect could allow a user to bypass policy restrictions and create non-compliant passwords which could be...

Security Bulletin: Multiple vulnerabilities in Drupal Core affect IBM API Management (CVE-2016-9449, CVE-2016-9450, CVE-2016-9451, CVE-2016-9452)

Summary Drupal is used by the Advanced Developer Portal in IBM API Management. IBM API Management has updated the level of Drupal it provides to address the applicable CVEs. Vulnerability Details CVEID: CVE-2016-9449 DESCRIPTION: Drupal Core could allow a remote authenticated attacker to obtain...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM API Management (CVE-2016-2177, CVE-2016-2178, CVE-2016-2180)

Summary OpenSSL vulnerabilities disclosed on August and September 2016 by the OpenSSL Project. OpenSSL is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused ...