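Question & Answer
Question
Is there any vulnerability information related to API Connect that was published in 2019?
Answer
As of December 23, the following vulnerability information has been published for API Connect.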
Published | Title | CVSS base score | Fix level containing the fix |
---|---|---|---|
2019/12/20 | Security Bulletin: API Connect is impacted by credential caching | 5.1 | APAR LI81104 Addressed in IBM API Connect v2018.4.1.8-ifix1.0. Developer Portal is impacted. |
2019/12/17 | Security Bulletin: IBM API Connect is potentially impacted by weak cryptographic algorithms (CVE-2019-4609) | 5.9 | APAR LI81106 Addressed in IBM API Connect v2018.4.1.8. Management server is impacted. |
2019/8/13 | Security Bulletin: IBM API Connect's Developer Portal is impacted by a path traversal vulnerability. | 6.1 | APAR LI81013 Addressed in IBM API Connect 5.0.8.7 fixpack. Developer Portal is impacted. |
2019/8/13 | Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-11888) | 7.3 | APAR LI80814 Addressed in IBM API Connect v2018.4.1.7 fixpack. Management server is impacted. |
2019/8/13 | Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-11841) | 5.9 | APAR LI81006 Addressed in IBM API Connect v2018.4.1.7 fixpack. Management server is impacted. |
2019/8/13 | Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-9634) | 7.8 | APAR LI80814 Addressed in IBM API Connect v2018.4.1.5 fixpack. Management server is impacted. |
2019/8/13 | Security Bulletin: IBM API Connect Developer Portal V2018 is vulnerable to denial of service (DoS) attacks (CVE-2019-4402) | 8.6 | APAR LI81016 Addressed in IBM API Connect v2018.4.1.7 and subsequent iFixes. Developer Portal is impacted. |
2019/8/13 | Security Bulletin: API Connect V2018 (ova) is impacted by vulnerabilities in Ubuntu OS (CVE-2019-4504) | 7.5 | APAR LI81011 Addressed in IBM API Connect v2018.4.1.7 fixpack. All components are impacted. |
2019/8/13 | Security Bulletin: API Connect V2018 is impacted by a Kubernetes vulnerability (CVE-2019-11246) | 5.3 | APAR LI81017 Addressed in IBM API Connect v2018.4.1.7 fixpack. All components are impacted. |
2019/8/13 | Security Bulletin: API Connect V2018 is impacted by a vulnerability in nginx (CVE-2018-16843 CVE-2018-16844) | 5.3 | APAR LI81004 Addressed in IBM API Connect v2018.4.1.7 fixpack. Management server and Developer Portal subsystems are impacted. |
2019/6/28 | Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities (CVE-2019-11038 CVE-2019-11039 CVE-2019-11040) | 9.8~ | APAR LI80958 Addressed in IBM API Connect V5.0.8.6 iFix 2 dated June 11, 2019. Addressed in IBM API Connect v2018.4.1.6 and subsequent iFixes. Developer Portal is impacted. |
2019/6/28 | Security Bulletin: API Connect is impacted by an information leakage vulnerability in Oracle MySQL (CVE-2018-3123) | 5.9 | APAR LI80956 Addressed in IBM API Connect V5.0.8.6 iFix. Addressed in IBM API Connect v2018.4.1.6 fixpack. Developer Portal is impacted. |
2019/6/16 | Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382) | 5.3 | APAR LI80922 Addressed in IBM API Connect V5.0.8.6 iFix 2 provided June 14, 2019. |
2019/6/15 | Security Bulletin: IBM API Connect Developer Portal is impacted by a vulnerability in Drupal core (CVE-2019-11831) | 7.5 | APAR LI80889 Addressed in IBM API Connect V5.0.8.6 iFix published on May 10, 2019. Addressed in IBM API Connect v2018.4.1.6 fixpack. |
2019/6/13 | | 9.8~ | APAR LI80921 Addressed in IBM API Connect V5.0.8.6 iFix. Addressed in IBM API Connect v2018.4.1.6 fixpack. |
2019/6/13 | | 5.3 | APAR LI80927 Addressed in IBM API Connect v2018.4.1.6 fixpack. |
2019/6/13 | Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013) | 5.3 | APAR LI80923 Addressed in IBM API Connect v2018.4.1.6 fixpack. |
2019/6/7 | | 5.3 | APAR LI80859 Addressed in IBM API Connect V5.0.8.6 iFix. |
2019/6/7 | | 5.9 | APAR LI80879 Addressed in IBM API Connect V5.0.8.6 iFix. Addressed in IBM API Connect v2018.4.1.5 fixpack. |
2019/6/6 | | 3.1 | APAR LI80857 Addressed in IBM API Connect V5.0.8.6 iFix. |
2019/5/29 | Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911 CVE-2019-11358) | 7.3~ | APAR LI80880 Addressed in IBM API Connect 5.0.8.6 iFix. Addressed in IBM API Connect v2018.4.1.5 fixpack. Developer Portal is impacted. |
2019/5/23 | | 7.1 | APAR LI80821 Addressed in IBM API Connect 5.0.8.6 iFix. Addressed in IBM API Connect v2018.4.1.5 fixpack. Developer Portal is impacted. |
2019/5/23 | | 5.9 | APAR LI80890 Addressed in IBM API Connect V5.0.8.6 iFix. |
2019/5/20 | | 2.7 | APAR LI80858 Addressed in IBM API Connect 5.0.8.6 iFix. |
2019/5/19 | | 6.5 | APAR LI80824 Addressed in IBM API Connect v2018.4.1.5 fixpack. All components are impacted. |
2019/5/19 | | 5.3 | APAR LI80824 Addressed in IBM API Connect v2018.4.1.5 fixpack. All components are impacted. |
2019/4/30 | | 6.4 | APAR LI80817 Addressed in IBM API Connect v2018.4.1.5 fixpack. Management server is impacted. |
2019/4/30 | | 6.1 | APAR LI80814 Addressed in IBM API Connect v2018.4.1.5 fixpack. All components are impacted. |
2019/4/30 | | 5.3 | APAR LI80819 Addressed in IBM API Connect v2018.4.1.5 fixpack. Management server is impacted. |
2019/4/24 | | 6.1 | APAR LI80812 Addressed in IBM API Connect V5.0.8.6 fixpack. Management server is impacted. |
2019/4/11 | Security Bulletin: IBM API Connect's Developer Portal (V5) is vulnerable to command injection (CVE-2019-4202) | 10 | APAR LI80748 Addressed in IBM API Connect 5.0.8.6 iFix. |
2019/4/11 | | 8.9 | APAR LI80780 Addressed in IBM API Connect 5.0.8.6 iFix. |
2019/4/5 | | 8.8 | APAR LI80678 Addressed in IBM API Connect v2018.4.1.4 fixpack. |
2019/4/4 | | 6.1 | APAR LI80764 Addressed in IBM API Connect v2018.4.1.4 fixpack. |
2019/4/4 | Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Drupal | 6.1 | APAR LI80744 Addressed in IBM API Connect v2018.4.1.4 fixpack. |
2019/4/4 | | 5.4 | APAR LI80743 Addressed in IBM API Connect V5.0.8.6 fixpack. Addressed in IBM API Connect v2018.4.1.4 fixpack. Developer Portal is impacted. |
2019/4/4 | | 5.3 | APAR LI80766 Addressed in IBM API Connect v2018.4.1.4 fixpack. All components are impacted. |
2019/4/4 | Security Bulletin: API Connect V2018 is impacted by vulnerability in the Kubernetes API server (CVE-2019-1002100) | 6.5 | APAR LI80765 Addressed in IBM API Connect v2018.4.1.4 fixpack. All .ova images of API Connect are impacted. |
2019/3/29 | Security Bulletin: API Connect V5 is impacted by weak cryptographic algorithms (CVE-2018-2007) | 5.9 | APAR LI80643 Addressed in IBM API Connect V5.0.8.6 fixpack. Management server, Developer Portal, and Analytics are impacted. |
2019/3/28 | Security Bulletin: API Connect is affected by insecure caching (CVE-2018-1874) | 4.6 | APAR LI80397 Addressed in IBM API Connect V5.0.8.6 fix pack. |
2019/3/28 | Security Bulletin: API Connect is impacted by multiple nodeJS vulnerabilities (CVE-2018-12122 CVE-2018-12121 CVE-2018-12123 CVE-2018-12116) | 5.3 | APAR LI80736 Addressed in 5.0.8.6 fixpack. Management server and Developer Portal are impacted. Addressed in IBM API Connect v2018.4.1.2 fixpack. Developer Portal is impacted. |
2019/3/21 | Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052) | 8.2 | APAR LI80652 Addressed in IBM API Connect v2018.4.1.3 fixpack. Management server is impacted. |
2019/3/6 | | 6.5 | APAR LI80666 Addressed in IBM API Connect V2018.4.1.1 and higher. Management Server is impacted. |
2019/3/6 | | 7.7 | APAR LI80651 Addressed in IBM API Connect V2018.4.1.3 fixpack. The Open Virtual Appliance (OVA) packages for Management Server, Developer Portal and Analytics are impacted. |
2019/3/6 | | 9.8 | APAR LI80636 Addressed in IBM API Connect v2018.4.1.3 fixpack. |
2019/2/2 | Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339) | 7.5 | APAR LI80590 Addressed in IBM API Connect Developer Portal V5.0.8.5 iFix. Addressed in IBM API Connect v2018.4.1.2 release. |
2019/2/2 | Security Bulletin: API Connect V2018 is impacted by access token leak (CVE-2019-4008) | 9 | APAR LI80527 Addressed in IBM API Connect v2018.4.1.2 fixpack. |
2019/2/2 | Security Bulletin: IBM API Connect Developer Portal is affected by a vulnerability in Oracle MySQL (CVE-2018-3251) | 6.5 | LI80590 Addressed in IBM API Connect Developer Portal V5.0.8.5 iFix. Addressed in IBM API Connect v2018.4.1.2 release. |
2019/1/29 | | 9.8~ | APAR LI80564 Addressed in IBM API Connect V5.0.8.5 fix pack. |
2019/1/25 | Security Bulletin: API Connect V5 is impacted by sensitive information disclosure via a REST API (CVE-2018-1976) | 4.9 | APAR LI80566 Addressed in IBM API Connect V5.0.8.5 fixpack. |
2019/1/11 | | 7.4~ | APAR LI80493 Addressed in IBM API Connect V5.0.8.5 fix pack. |
2019/1/3 | Security Bulletin: API Connect is affected by a vulnerability in the role-based access control (CVE-2018-1932) | 4.9 | APAR LI80510 Addressed in IBM API Connect V5.0.8.5 fixpack. |
2019/1/3 | Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859) | 4.3 | APAR LI80499 Addressed in IBM API Connect V5.0.8.5 fixpack. |
2019/1/3 | | 7.5 | APAR LI80484 Addressed in IBM API Connect Developer Portal V5.0.8.4 iFix. |
Document Information
Modified date: 25 December 2019
UID: ibm10958255