Security Bulletin: IBM API Connect is impacted by host header injection vulnerability (CVE-2021-38997)
Summary IBM API Connect is impacted by host header injection vulnerability. The fix addresses the host header injection CVE-2021-38997. Vulnerability Details CVEID: CVE-2021-38997 DESCRIPTION: IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOS...
Security Bulletin: IBM API Connect is vulnerable to OpenSSL vulnerabilities (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)
Summary IBM API Connect has addressed the following information disclosure and denial of service vulnerabilities in OpenSSL CVE-2022-4304, CVE-2023-0215, and CVE-2023-0286. Vulnerability Details CVEID: CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information...
Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)
Summary Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1 which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial ...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal (CVE-2021-33829)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-33829 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious...
Security Bulletin: IBM API Connect's Developer Portal is impacted by multiple vulnerabilities in Drupal core.
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13669 DESCRIPTION: Drupal core is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the built-in CKEditor image caption functionality. A remote...
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities (CVE-2020-13935)
Summary IBM Integration Bus ships Apache Tomcat which is susceptible to vulnerabilities which were reported and have been addressed. Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in ...
Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-13663)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13663 DESCRIPTION: Drupal core is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the Form API. By persuading an authenticated user to visit a...
CVE-2018-1801
CVE-2018-1801 affects IBM App Connect 11.0.0.0–11.0.0.1, IBM Integration Bus 10.0.0.0–10.0.0.13, IBM Integration Bus 9.0.0.0–9.0.0.10, and WebSphere Message Broker 8.0.0.0–8.0.0.9. It enables XML External Entity (XXE) processing vulnerabilities that could allow a remote attacker to exhaust memory...