202 matches found
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM API Connect (CVE-2016-5597)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 that is used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-5597 DESCRIPTION: An...
Security Bulletin: Vulnerability in the GNU C Library (glibc) affects IBM API Management (CVE-2015-7547)
Summary IBM API Management is affected by a vulnerability in GNU glibc. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nssdns backend for the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-7575, CVE-2016-0466)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by IBM API Management. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as “SLOTH”. Vulnerability Details CVEI...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM API Management (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM API Management. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4803)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 that is used by IBM API Management. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details Relevant CVE Information: CVEID: CVE-2015-4872 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM API Management (CVE-2015-4947 CVE-2015-1283 CVE-2015-1788)
Summary There are multiple vulnerabilities in IBM HTTP Server 8.5.5.4 that is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-4947 DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7.0 that is used by IBM API Management. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability and Java...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM API Management (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM API Management. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly conv...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM API Management (CVE-2015-0235)
Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM API Management. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. By sending a specially crafted, but valid ho...
Security Bulletin: Multiple vulnerabilities in IBM API Management
Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM API Management V2.0 and V3.0. Vulnerability Details CVEID: CVE-2014-0460 DESCRIPTION: An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity...
IBM API Connect and API Management Security Bypass Vulnerability
IBM API Connect and API Management are both products of IBM Corporation in the U.S. IBM API Connect, also known as APIConnect, is a set of integrated solutions for managing the API lifecycle. API Management is a set of API management platforms from IBM Corporation in the U.S. A security bypass...
CVE-2017-7512
Red Hat 3scale aka RH-3scale API Management Platform AMP before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512...
Authentication flaw
Red Hat 3scale aka RH-3scale API Management Platform AMP before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512...
CVE-2017-7512
Technical details for CVE-2017-7512 are not publicly available in the provided documents. Monitor for updates to verify affected products, scope, and fixes.
Important: Red Hat Security Advisory: Red Hat 3scale API Management Platform 2.0.0 security update
A security update for Red Hat 3scale API Management Platform 2.0.0 is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: openstack-cinder security update
Updated openstack-cinder packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...