CVE-2020-4452

CVE-2020-4452 affects IBM API Connect versions 2018.4.1.0–2018.4.1.11, where weak cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Root cause: use of weaker-than-expected cryptography. Impact: disclosure of sensitive data. Remediation: IBM fixed in 2018.4....

Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes (CVE-2019-11254)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11254 DESCRIPTION: Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated...

Security Bulletin: IBM API Connect is vulnerable to sensitive information leak (CVE-2020-4346)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4346 DESCRIPTION: IBM API Connect's management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. CVSS Base score: 5.3 CVSS...

Security Bulletin: IBM API Connect is vulnerable to clickjacking (CVE-2020-4195)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4195 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could explo...

Security Bulletin: IBM API Connect's Developer Portal is vulnerable to cross-site scripting.

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 178183 DESCRIPTION: Drupal core cross-site scripting CVSS Base score: 5.4 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178183 for the current score. CVSS...