Question & Answer
Question
2022年に公開されたAPI Connect に関連する脆弱性情報はありますか?
Answer
12月9日現在、API Connectに関して以下の脆弱性情報が公開されています。
| 公開日 | タイトル |
CVSS
基本値
|
修正が含まれるfixレベル |
|---|---|---|---|
| 2022/12/8 | Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786) | 7.3-7.5 |
Addressed in IBM API Connect V10.0.5.2
Addressed in IBM API Connect V10.0.1.9 The analytics and portal components are impacted. |
| 2022/11/30 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169) | 7.3 |
Addressed in IBM API Connect V10.0.5.1
Addressed in IBM API Connect V10.0.1.9
The analytics component is impacted.
|
| 2022/11/30 | Security Bulletin: IBM API Connect is impacted by host header injection vulnerability (CVE-2021-38997) | 5.4 |
Addressed in IBM API Connect V10.0.5.1
Addressed in IBM API Connect V10.0.1.8
Addressed in IBM API Connect V2018.4.1.20
The management server component is impacted.
|
| 2022/10/21 | Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182) | 7.2 |
Addressed in IBM API Connect V10.0.5.1
Addressed in IBM API Connect V10.0.1.8
The UI component is impacted.
|
| 2022/10/21 | Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023) | 6.1 |
Addressed in IBM API Connect V10.0.5.1
Addressed in IBM API Connect V10.0.1.8
The UI component is impacted.
|
| 2022/05/06 | Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) | 9.8 |
Addressed in IBM API Connect
10.0.4.0-ifix3
Addressed in IBM API Connect
10.0.1.6-ifix1
|
| 2022/01/18 | Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832) | 6.6-9 |
Addressed in IBM API Connect V10.0.4.0-ifix1
Addressed in IBM API Connect V10.0.1.5-ifix4
Addressed in IBM API Connect V2018.4.1.17-ifix2
The analytics component is impacted.
Addressed in IBM API Connect V5.0.8.13
The Analytics and Management components are impacted.
|
| 2022/1/14 | Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in Java SE (CVE-2020-14782) | 3.7 |
APAR LI81861
Addressed in IBM API Connect 5.0.8.10 iFix published on or after December 16, 2020.
Management server is impacted.
|
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"ARM Category":[{"code":"a8m50000000L0rvAAC","label":"API Connect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
08 December 2022
UID
ibm16541266