CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

Sql injection

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVE-2018-1784

The CVE-2018-1784 entry affects IBM API Connect 5.0.0.0–5.0.8.4 due to a NoSQL Injection in the MongoDB connector for the LoopBack framework. Affected component: LoopBack MongoDB connector; root cause: NoSQL injection vulnerability. Impact notes from sources indicate high severity (CVSSv3 base sc...

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVE-2018-1778

CVE-2018-1778 (IBM API Connect / LoopBack) affects IBM API Connect versions 2018.1 through 2018.4.1 and 5.0.8.0 through 5.0.8.4. The vulnerability arises when the AccessToken model is exposed via a REST API, enabling an attacker to create an access token for any user who has a known userId, poten...

Security Bulletin: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework (CVE-2018-1784)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1784 DESCRIPTION: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. CVSS Base Score: 7.1 CVSS Temporal Score: See for the current score CVSS...

Security Bulletin: IBM API Connect is affected by authentication bypass vulnerability in LoopBack (CVE-2018-1778)

Summary API Connect has addressed the following vulnerability. IBM LoopBack could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, because it is then possible for anyone to create an AccessToken for any User, provided they know the userID and can hen...

StoreFront Loopback Feature analysis when configuring Base URL for load balance

In previous versions of StoreFront such as 2.6 or older, Citrix recommended that you manually modify the hosts file on each StoreFront server to map the fully qualified domain name FQDN of the load balancer to the loopback address or the IP address of the specific StoreFront server. This ensures...

VirtualBox virtual machine latest escape vulnerability E1000 0day detailed analysis of under-vulnerability warning-the black bar safety net

Recently, Russian security researcher Sergey Zelenyuk released for VirtualBox 5.2.20 early version of the zero-day exploit detailed information, these versions can allow an attacker to escape the virtual machine and executed on the host RING 3-layer code. Then, the attacker can take advantage of...

kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...

kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...

kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...

NoSQL Injection

loopback-connector-mongodb is susceptible to NoSQL injection attack. The buildWhere and buildSort functions fail to sanitize the filter passed to the database query, allowing the attacker to inject and execute arbitrary NoSQL queries...

NoSQL Injection

Overview Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the speci...

February 22, 2018—KB4075213 (Preview of Monthly Rollup)

February 22, 2018—KB4075213 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4074593 released February 13, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates...

CVE-2017-2637

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...