1444 matches found

CNVD
added 2018/12/21 12:0 a.m., 3 views

IBM API Connect Authentication Bypass Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. An authentication bypass vulnerability exists in LoopBack in IBM API Connect versions 2018.1 through...

CVSS: 9.3, AI score: 7.1, EPSS: 0.03448
Exploits: 0, References: 1

OSV
added 2018/12/20 2:29 p.m., 1 view

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 3

OSV
added 2018/12/20 2:29 p.m., 1 view

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVSS: 8.1, AI score: 5.8, EPSS: 0.03448
Exploits: 0, References: 3

NVD
added 2018/12/20 2:29 p.m., 23 views

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVSS: 9.3, AI score: 7.8, EPSS: 0.03448
Exploits: 0, References: 3

NVD
added 2018/12/20 2:29 p.m., 20 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVSS: 9.8, AI score: 7.6, EPSS: 0.01728
Exploits: 0, References: 3

Prion
added 2018/12/20 2:29 p.m., 20 views

Authentication flaw

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVSS: 9.3, AI score: 7.9, EPSS: 0.03448
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2018/12/20 2:29 p.m., 16 views

SQL injection

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVSS: 7.5, AI score: 9.1, EPSS: 0.01728
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2018/12/20 2:0 p.m., 54 views

CVE-2018-1778

CVE-2018-1778 (IBM API Connect / LoopBack) affects IBM API Connect versions 2018.1 through 2018.4.1 and 5.0.8.0 through 5.0.8.4. The vulnerability arises when the AccessToken model is exposed via a REST API, enabling an attacker to create an access token for any user who has a known userId, poten...

CVSS: 9.3, AI score: 8, EPSS: 0.03448
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2018/12/20 2:0 p.m., 21 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...

CVSS: 7.1, AI score: 9.1, EPSS: 0.01728
Exploits: 0, References: 3

CVE
added 2018/12/20 2:0 p.m., 58 views

CVE-2018-1784

The CVE-2018-1784 entry affects IBM API Connect 5.0.0.0–5.0.8.4 due to a NoSQL Injection in the MongoDB connector for the LoopBack framework. Affected component: LoopBack MongoDB connector; root cause: NoSQL injection vulnerability. Impact notes from sources indicate high severity (CVSSv3 base sc...

CVSS: 9.8, AI score: 9.1, EPSS: 0.01728
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2018/12/20 2:0 p.m., 27 views

CVE-2018-1778

IBM LoopBack IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4 could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...

CVSS: 7.7, AI score: 8, EPSS: 0.03448
Exploits: 0, References: 3

IBM Security Bulletins
added 2018/12/18 9:30 p.m., 28 views

Security Bulletin: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework (CVE-2018-1784)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1784 DESCRIPTION: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. CVSS Base Score: 7.1 CVSS Temporal Score: See for the current score CVSS...

CVSS: 9.8, AI score: 1.1, EPSS: 0.01728
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/12/17 3:35 p.m., 23 views

Security Bulletin: IBM API Connect is affected by authentication bypass vulnerability in LoopBack (CVE-2018-1778)

Summary API Connect has addressed the following vulnerability. IBM LoopBack could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, because it is then possible for anyone to create an AccessToken for any User, provided they know the userID and can hen...

CVSS: 9.3, AI score: 1.5, EPSS: 0.03448
Exploits: 0, Affected Software: 1

Citrix
added 2018/11/30 12:0 a.m., 10 views

StoreFront Loopback Feature analysis when configuring Base URL for load balance

In previous versions of StoreFront such as 2.6 or older, Citrix recommended that you manually modify the hosts file on each StoreFront server to map the fully qualified domain name (FQDN) of the load balancer to the loopback address or the IP address of the specific StoreFront server. This ensures...

AI score: 7.4
Exploits: 0

myhack58
added 2018/11/18 12:0 a.m., 278 views

Detailed analysis of the latest VirtualBox virtual machine escape vulnerability (E1000 0day) - vulnerability warning - the black bar safety net

Recently, Russian security researcher Sergey Zelenyuk released detailed information about a zero-day exploit for VirtualBox 5.2.20 and earlier versions. The flaw can allow an attacker to escape the virtual machine and execute code in ring 3 on the host. Then, the attacker can take advantage of...

AI score: 1.1
Exploits: 0

RedHat Linux
added 2018/10/30 12:31 p.m., 7 views

kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices. An attacker who has permissions to set up loopback disks may create a denial of service or other unspecified actions...

CVSS: 7.8, AI score: 7, EPSS: 0.00367
Exploits: 0, References: 4

RedHat Linux
added 2018/10/30 12:5 p.m., 2 views

kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices. An attacker who has permissions to set up loopback disks may create a denial of service or other unspecified actions...

CVSS: 7.8, AI score: 7, EPSS: 0.00367
Exploits: 0, References: 4

RedHat Linux
added 2018/10/30 10:4 a.m., 5 views

kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices. An attacker who has permissions to set up loopback disks may create a denial of service or other unspecified actions...

CVSS: 7.8, AI score: 7, EPSS: 0.00367
Exploits: 0, References: 4

Veracode
added 2018/08/30 6:52 a.m., 19 views

NoSQL Injection

loopback-connector-mongodb is susceptible to NoSQL injection attack. The buildWhere and buildSort functions fail to sanitize the filter passed to the database query, allowing the attacker to inject and execute arbitrary NoSQL queries...

AI score: 7.6
Exploits: 0

Node.js
added 2018/08/30 3:53 a.m., 17 views

NoSQL Injection

Overview Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the speci...

AI score: 7.1
Exploits: 0, Affected Software: 1