3 matches found
Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)
Summary IBM API Connect has addressed the following vulnerability. PHP is vulnerable to server-side request forgery, caused by a flaw in the fsockopen function. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct a Server Side Request Forgery SSRF attack...
Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922)
Summary IBM API Connect Developer Portal could allow a remote attacker to bypass security restrictions, caused by the failure to restrict access to the private file system. Vulnerability Details CVEID: CVE-2017-6922 DESCRIPTION: Drupal could allow a remote attacker to bypass security restrictions...
CVE-2018-1469
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...