782 matches found
CVE-2022-34350 IBM API Connect security bypass
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
CVE-2022-34350
CVE-2022-34350 – IBM API Connect is affected by an External Service Interaction vulnerability caused by improper validation of user-supplied input. Affected versions: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.20. The issue can induce the application to perform server-side DNS ...
IBM API Connect 输入验证错误漏洞
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from International Business Machines IBM. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect that stems from...
Security Bulletin: IBM API Connect is impacted by an external service interaction vulnerability (CVE-2022-34350)
Summary IBM API Connect has addressed the following external service interaction vulnerability CVE-2022-34350. Vulnerability Details CVEID:CVE-2022-34350 DESCRIPTION: IBM API Connect is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remo...
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling (CVE-2022-35256)
Summary This issue may affect the management interface for the API Connect Gateway Service. IBM has addressed the CVE. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not...
CVE-2021-38997
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
CVE-2021-38997
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
Cross site scripting
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786)
Summary IBM API Connect has addressed the following vulnerability in OpenSSL CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By...
CVE-2021-38997 IBM API Connect HOST header injection
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
CVE-2021-38997
IBM API Connect is affected by CVE-2021-38997 through multiple version ranges: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.19. The root cause is improper validation of input in the HOST header, leading to HTTP header injection. Reported impacts include cross-site scripting, cach...
CVE-2021-38997 IBM API Connect HOST header injection
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)
Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...
PT-2022-10836 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.19 Description: The issue is caused by improper validation of input by the HOST headers...
Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)
Summary A vulnerable version of JQuery-UI was used by API Connect. The fix includes updated JQuery-UI which addresses CVE-2021-41184, CVE-2021-41183, and CVE-2021-41182. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...
Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
Summary A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...
PT-2022-6311 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.20 Description: The issue is caused by improper validation of user-supplied input,...
Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
Summary IBM API Connect V10 is vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it meets all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4. Spring-webmvc or...
Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)
Summary Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1 which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial ...
Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in Java SE (CVE-2020-14782)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact,...