Security Bulletin: IBM API Connect's Developer Portal is impacted by critical vulnerabilities in Drupal (SA-CORE-2019-009, SA-CORE-2019-011, SA-CORE-2019-012, SA-CORE-2019-010)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 173284 DESCRIPTION: Drupal security bypass CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173284 for the current score. CVSS Vector:...

Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-11841)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11841 DESCRIPTION: Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could...

Information disclosure

IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148...