38 matches found
EUVD-2014-6058
Malware in sbrugna...
EUVD-2014-3057
Malware in sbrugna...
EUVD-2015-0187
Malware in sbrugna...
EUVD-2013-0570
Malware in sbrugna...
EUVD-2014-6019
Malware in sbrugna...
Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268)
Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-0268 DESCRIPTION: Microsoft Server Message Block 1.0 SMBv1 could allow a remote attacker to obtain sensitive information, caused by improper handling of incoming requests. By sending...
Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1991 DESCRIPTION: IBM API Connect could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. CVSS Base Score: 2.7...
Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002101 DESCRIPTION: Kubernetes could allow a remote attacker to traverse directories on the system, caused by the improper handling of symlinks. By persuading a victim to use the kubectl cp...
Security Bulletin: API Connect is affected by insecure caching (CVE-2018-1874)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1874 DESCRIPTION: IBM API Connect could display highly sensitive information to an attacker with physical access to the system. CVSS Base Score: 4.6 CVSS Temporal Score: See for the current...
Security Bulletin: API Connect is affected by an information disclosure vulnerability in the consumer API (CVE-2018-2009)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2009 DESCRIPTION: IBM API Connect v2018 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs,...
Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1976 DESCRIPTION: IBM API Connect V5 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive informatio...
Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1859 DESCRIPTION: IBM API Connect V5 could allow a user authenticated as an administrator with limited rights to escalate their privileges. CVSS Base Score: 4.3 CVSS Temporal Score: See for th...
Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the 5.0.8.2 iFix for IBM API Connect in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions IBM API Management 4.0.0.0-4.0.4.6 IBM API Connect...
Security Bulletin: Weaker than expected security in IBM API Connect Developer Portal (CVE-2017-6922)
Summary IBM API Connect Developer Portal could allow a remote attacker to bypass security restrictions, caused by the failure to restrict access to the private file system. Vulnerability Details CVEID: CVE-2017-6922 DESCRIPTION: Drupal could allow a remote attacker to bypass security restrictions...
Security Bulletin: Weaker than expected security in IBM API Connect (CVE-2017-1386)
Summary IBM API Connect has addressed the following vulnerability which allows the possibility of bypassing password policy. Vulnerability Details CVEID: CVE-2017-1386 DESCRIPTION: IBM API Connect could allow a user to bypass policy restrictions and create non-compliant passwords which could be...
Security Bulletin: Multiple vulnerabilities in Drupal Core affect IBM API Management (CVE-2016-9449, CVE-2016-9450, CVE-2016-9451, CVE-2016-9452)
Summary Drupal is used by the Advanced Developer Portal in IBM API Management. IBM API Management has updated the level of Drupal it provides to address the applicable CVEs. Vulnerability Details CVEID: CVE-2016-9449 DESCRIPTION: Drupal Core could allow a remote authenticated attacker to obtain...
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM API Connect (CVE-2016-5597)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 that is used by IBM API Connect. These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-5597 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM API Management (CVE-2016-2177, CVE-2016-2178, CVE-2016-2180)
Summary OpenSSL vulnerabilities were disclosed in August and September 2016 by the OpenSSL Project. OpenSSL is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused ...
Security Bulletin: Vulnerability in the GNU C Library (glibc) affects IBM API Management (CVE-2015-7547)
Summary IBM API Management is affected by a vulnerability in GNU glibc. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nssdns backend for the...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a...