Question & Answer
Question
2020年に公開されたAPI Connect に関連する脆弱性情報はありますか?
Answer
12月4日現在、API Connectに関して以下の脆弱性情報が公開されています。
| 公開日 | タイトル |
CVSS
基本値
|
修正が含まれるfixレベル |
|---|---|---|---|
| 2020/12/04 | Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) | 4.8-8.8 |
APAR LI81585
Addressed in IBM API Connect V2018.4.1.12.
Addressed in IBM API Connect V10.0.1.0
Developer Portal is impacted.
|
| 2020/11/23 | Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) | 4.8-8.8 |
APAR LI81585
Addressed in IBM API Connect V2018.4.1.12.
Addressed in IBM API Connect V10.0.1.0
Developer Portal is impacted.
|
| 2020/11/16 | Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) | 4.8-8.8 |
APAR LI81585
Addressed in IBM API Connect V2018.4.1.12.
Addressed in IBM API Connect V10.0.1.0
Developer Portal is impacted.
|
| 2020/11/09 | Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (CVE-2019-11479) | 7.5 |
APAR LI81831
Addressed in IBM API Connect V5.0.8.10 fixpack
Management server is impacted.
|
| 2020/10/23 | Security Bulletin: IBM API Connect's Developer Portal is vulnerable to social engineering attacks (CVE-2020-4337) | 6.5 |
APAR LI81425
Addressed in IBM API Connect V2018.4.1.13.
Addressed in IBM API Connect V10.0.1
Developer Portal is impacted.
|
| 2020/10/07 | Security Bulletin: API Connect is vulnerable to denial of service via Kubernetes (CVE-2020-8557, CVE-2020-8559) | 5.5-6.4 |
APAR LI81762
Addressed in IBM API Connect V2018.4.1.13.
Addressed in IBM API Connect V10.0.1
All OVA components are impacted.
|
| 2020/10/07 | Security Bulletin: API Connect is vulnerable to denial of service (CVE-2020-16845) | 7.5 |
APAR LI81763
Addressed in IBM API Connect V2018.4.1.13.
Addressed in IBM API Connect V10.0.1
All components are impacted. |
| 2020/10/07 | Security Bulletin: IBM API Connect's API Manager is vulnerable to privilege escalation(CVE-2020-4638) | 7.2 |
APAR LI81648
Addressed in IBM API Connect V2018.4.1.13.
Addressed in IBM API Connect V10.0.1
Management server is impacted. |
| 2020/10/07 | Security Bulletin: IBM API Connect V 2018 is impacted by a vulnerability in Go (Golang) (CVE-2020-7919) | 7.5 |
APAR LI81625
Addressed in IBM API Connect V2018.4.1.13.
Addressed in IBM API Connect V10.0.1
All components are impacted.
|
| 2020/10/07 | Security Bulletin: IBM API Connect V10 is impacted by denial of service vulnerabilities in Crunchy kernel (CVE-2020-8616, CVE-2020-8617) | 7.5-8.6 |
APAR LI81761
Addressed in IBM API Connect V10.0.1
Management server is impacted.
|
| 2020/10/06 | Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL. | 2.2-6.5 |
APAR LI81610
Addressed in IBM API Connect V2018.4.1.13.
Addressed in IBM API Connect V10.0.1
Developer Portal is impacted.
|
| 2020/10/06 | Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-13663) | 8.8 |
APAR LI81584
Addressed in IBM API Connect V5.0.8.8 iFix released on or after June 18th, 2020.
Addressed in IBM API Connect V2018.4.1.12.
Addressed in IBM API Connect V10.0.1.0 Developer Portal is impacted. |
| 2020/09/02 | Security Bulletin: IBM API Connect's API Manager is vulnerable to privilege escalation(CVE-2020-4638) | 7.2 |
APAR LI81648
Addressed in IBM API Connect V2018.4.1.13.
Management server is impacted. |
| 2020/09/02 | Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL. | 2.2-6.5 |
APAR LI81610
Addressed in IBM API Connect V2018.4.1.13.
Developer Portal is impacted. |
| 2020/09/02 | Security Bulletin: IBM API Connect V 2018 is impacted by a vulnerability in Go (Golang) (CVE-2020-7919) | 7.5 | APAR LI81625
Addressed in IBM API Connect V2018.4.1.13.
All components are impacted. |
| 2020/09/02 | Security Bulletin: IBM API Connect's Developer Portal is vulnerable to social engineering attacks (CVE-2020-4337) | 6.5 |
APAR LI81425
Addressed in IBM API Connect V2018.4.1.13.
Developer Portal is impacted. |
| 2020/07/27 | Security Bulletin: IBM API Connect is impacted by a cross-site scripting vulnerability in jQuery (XForce ID 180875) | 6.1 |
APAR LI81611
Addressed in IBM API Connect V2018.4.1.12
Developer Portal is impacted.
|
| 2020/07/27 | Security Bulletin: IBM API Connect V5 is vulnerable to denial of service (PHP CVE-2019-11048) | 7.5 |
APAR LI81613
Addressed in IBM API Connect V5.0.8.8 iFix
released on June 18, 2020 or later
Developer Portal is impacted.
|
| 2020/07/27 | Security Bulletin: IBM API Connect is vulnerable to a denial of service vulnerability in Oracle MySQL (CVE-2020-2589) | 4.9 |
APAR LI81612
Addressed in IBM API Connect V2018.4.1.12.
Developer Portal is impacted.
|
| 2020/07/17 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Java. | 3.7~5.3 |
APAR LI81614
Addressed in IBM API Connect V5.0.8.9 fixpack
Management server is impacted.
|
| 2020/07/17 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Java (CVE-2020-2654) | 3.7 |
APAR LI81614
Addressed in IBM API Connect V5.0.8.9 fixpack
Management server is impacted.
|
| 2020/07/17 | Security Bulletin: IBM API Connect V5 is vulnerable to sensitive information leak (PHP CVE-2020-7067) | 4.3 |
APAR LI81627
Addressed in IBM API Connect V5.0.8.8 iFix
released on June 18, 2020 or later
Developer Portal is impacted.
|
| 2020/06/29 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7066, CVE-2020-7065, CVE-2020-7064) | 5.4~8.8 |
APAR LI81535
Addressed in IBM API Connect V5.0.8.8 iFix
released on May 12, 2020 or later
Addressed in IBM API Connect V2018.4.1.11
Developer Portal is impacted.
|
| 2020/06/26 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023) | 6.1 |
APAR LI81522
Addressed in IBM API Connect V5.0.8.8 iFix released on or after June 8, 2020.
Addressed in IBM API Connect V2018.4.1.12.
Developer Portal is impacted.
|
| 2020/06/26 | Security Bulletin: IBM API Connect is vulnerable to cross-site scripting (XSS) in Drupal (sa-contrib-2020-025) | 5.4 |
APAR LI81586
Addressed in IBM API Connect V5.0.8.8 iFix released on or after June 18th, 2020.
Developer Portal is impacted.
|
| 2020/06/26 | Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665) | 4.8~8.8 |
APAR LI81585
Addressed in IBM API Connect V2018.4.1.12.
Developer Portal is impacted.
|
| 2020/06/26 | Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-13663) | 8.8 |
APAR LI81584
Addressed in IBM API Connect V5.0.8.8 iFix released on or after June 18th, 2020.
Addressed in IBM API Connect V2018.4.1.12.
Developer Portal is impacted.
|
| 2020/06/26 | Security Bulletin: IBM API Connect V 2018 (ova) is impacted by weak cryptographic algorithms (CVE-2020-4452) | 5.9 |
APAR LI81531
Addressed in IBM API Connect V2018.4.1.12.
All .OVA images are impacted. |
| 2020/06/22 | Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) | 4.3~5.3 |
APAR LI81564
Addressed in IBM API Connect V2018.4.1.11.
All components are impacted. Only ova deployments are impacted. |
| 2020/06/17 | Security Bulletin: IBM API Connect V2018 is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552) | 4.3~5.3 |
APAR LI81564
Addressed in IBM API Connect V2018.4.1.11.
All components are impacted. Only ova deployments are impacted. |
| 2020/06/11 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023) | 6.1 |
APAR LI81522
Addressed in IBM API Connect V5.0.8.8 iFix released on or after June 8, 2020.
Developer Portal is impacted.
|
| 2020/06/11 | Security Bulletin: IBM API Connect V5 is vulnerable to cross site scripting (XSS) (CVE-2020-4251) | 5.4 |
APAR LI81534
Developer Portal:
Addressed in IBM API Connect V5.0.8.8 iFix1 on or after May 12, 2020.
Developer Portal is impacted.
Management Server:
Addressed in IBM API Connect V5.0.8.8 iFix2 on or after June 5, 2020.
Management Server is impacted.
|
| 2020/06/11 | Security Bulletin: IBM API Connect V5 is impacted by an Open Redirect vulnerability in Drupal core(CVE-2020-13662) | 6.5 |
APAR LI81520
Addressed in IBM API Connect 5.0.8.8 iFix published on or after June 8, 2020.
Developer Portal is impacted.
|
| 2020/05/13 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7060, CVE-2020-7059) | 7.5~7.8 |
APAR LI81501
Addressed in IBM API Connect V5.0.8.8
Addressed in IBM API Connect V2018.4.1.11
Developer Portal is impacted.
|
| 2020/05/11 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes (CVE-2019-11254) | 7.5 |
APAR LI81503
Addressed in IBM API Connect V2018.4.1.11.
All components are impacted. |
| 2020/05/11 | Security Bulletin: IBM API Connect is vulnerable to sensitive information leak (CVE-2020-4346) | 5.3 |
APAR LI81426
Addressed in IBM API Connect V2018.4.1.11.
Management server is impacted.
|
| 2020/05/11 | Security Bulletin: IBM API Connect is impacted by a vulnerability in NGINX (CVE-2019-20372) | 5.3 |
APAR LI81414
Addressed in IBM API Connect V5.0.8.8.
Developer Portal is impacted.
Addressed in IBM API Connect V2018.4.1.11
All components are impacted.
|
| 2020/05/11 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Node.js(CVE-2019-15604, CVE-2019-15605, CVE-2019-15606) | 5.3~6.5 |
APAR LI81406
Addressed in IBM API Connect V5.0.8.8.
Addressed in IBM API Connect V2018.4.1.11
All components are impacted.
|
| 2020/05/11 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in PHP (CVE-2019-11045, CVE-2019-11044, CVE-2019-11046) | 5.3~6.5 |
APAR LI81408
Addressed in IBM API Connect V5.0.8.8.
Addressed in IBM API Connect V2018.4.1.11
Developer Portal is impacted.
|
| 2020/05/11 | Security Bulletin: IBM API Connect is vulnerable to vulnerabilities in PHP (CVE-2020-7061, CVE-2020-7062, CVE-2020-7063) | 5.5~7.5 |
APAR LI81500
Addressed in IBM API Connect V5.0.8.8.
Addressed in IBM API Connect V2018.4.1.11.
Developer Portal server is impacted. |
| 2020/05/11 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7069, CVE-2020-7059) | 7.5~9.8 |
APAR LI81501
Addressed in IBM API Connect V5.0.8.8
Addressed in IBM API Connect V2018.4.1.11
Developer Portal is impacted.
|
| 2020/05/11 | Security Bulletin: IBM API Connect is vulnerable to clickjacking (CVE-2020-4195) | 5.4 |
APAR LI81353
Addressed in IBM API Connect V2018.4.1.11.
Management server is impacted. |
| 2020/05/11 | Security Bulletin: IBM API Connect's Developer Portal is vulnerable to cross-site scripting. | 5.4 |
APAR LI81407
Addressed in IBM API Connect V2018.4.1.11. Developer Portal is impacted.
|
| 2020/03/30 | Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL. | 2.7~6.5 |
APAR LI81424
Addressed in IBM API Connect v2018.4.1.9-ifix1.0 or subsequent iFixes.
Addressed in IBM API Connect 5.0.8.7 iFix_20200225-1243 or subsequent iFixes.
Developer Portal is impacted.
|
| 2020/03/30 | Security Bulletin: IBM API Connect is impacted by an unspecified vulnerability in Java (CVE-2020-2604) | 8.1 |
APAR LI81409
Addressed in IBM API Connect V2018.4.1.10.
Management server is impacted. |
| 2020/03/23 | Security Bulletin: IBM API Connect is impacted by an unspecified vulnerability in Java (CVE-2019-2989) | 6.8 |
APAR LI81404
Addressed in IBM API Connect 5.0.8.7 iFix4.
Management server is impacted.
|
| 2020/03/13 | Security Bulletin: IBM API Connect is impacted by weak cryptographic algorithms (CVE-2019-4553) | 5.9 |
APAR LI81283
Addressed in IBM API Connect 5.0.8.7 iFix released on or after 11 March 2020.
Management server is impacted. |
| 2020/03/03 | Security Bulletin: IBM API Connect's Developer Portal is impacted by a denial of service vulnerability in MySQL (CVE-2019-2805) | 6.5 |
APAR LI81289
Addressed in IBM API Connect 5.0.8.7 iFix released on or after 27 January 2020.
Addressed in IBM API Connect V2018.4.1.10.
Developer Portal is impacted.
|
| 2020/03/02 | Security Bulletin: IBM API Connect is potentially impacted by vulnerabilities in MySQL | 4.4~7.5 |
APAR LI81290
Addressed in IBM API Connect 5.0.8.7 iFix
Addressed in IBM API Connect 2018.4.1.10
Developer Portal is impacted.
|
| 2020/03/02 | Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL | 2.7~6.5 |
APAR LI81373
Addressed in IBM API Connect 5.0.8.7 iFix on or after 26 January 2020.
Addressed in IBM API Connect 2018.4.1.10
Developer Portal is impacted.
|
| 2020/03/02 | Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP | 5.3~9.8 |
APAR LI81270
Addressed in IBM API Connect v2018.4.1.10. Developer Portal is impacted. |
| 2020/02/20 | Security Bulletin: IBM API Connect V5 is impacted by a denial of service vulnerability in Linux kernel (CVE-2019-11477) | 7.5 |
APAR LI81361
Addressed in IBM API Connect V5.0.8.7 iFix released on January 26, 2020 or later.
Management server is impacted. |
| 2020/01/31 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Golang (CVE-2019-17596) | 7.5 |
APAR LI81295
Addressed in IBM API Connect v2018.4.1.9 iFix 1. All components are impacted. |
| 2020/01/31 | Security Bulletin: IBM API Connect's Developer Portal is impacted by critical vulnerabilities in Drupal (SA-CORE-2019-009, SA-CORE-2019-011, SA-CORE-2019-012, SA-CORE-2019-010) | 4.3~8.8 |
APAR LI81274
Addressed in IBM API Connect 5.0.8.7 iFix release on or after 16 January 2020.
Addressed in IBM API Connect 2018.4.1.9 iFix 1.
Developer Portal is impacted.
|
| 2020/01/27 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes (CVE-2019-11251) | 5.9 | APARLI81314
Addressed in IBM API Connect v2018.4.1.9. All components deployed on Kubernetes are impacted. |
| 2020/01/17 | Security Bulletin: IBM API Connect is potentially impacted by vulnerabilities in MySQL | 4.4~7.5 |
APAR LI81290
Addressed in IBM API Connect 5.0.8.7 iFix
Developer Portal is impacted.
|
| 2020/01/17 | Security Bulletin: API Connect is impacted by a vulnerability in PHP (CVE-2019-11043) | 9.8 |
APAR LI81163
Addressed in IBM API Connect 5.0.8.7 iFix release on or after 17 January 2020.
Developer Portal is impacted.
Addressed in IBM API Connect V2018.4.1.9.
Developer Portal is impacted. |
| 2020/01/17 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Elastic Logstash (CVE-2019-7612) | 5.3 |
APAR LI81292
Addressed in IBM API Connect v2018.4.1.8-ifix2.0. Analytics component is impacted. Addressed in IBM API Connect v5.0.8.7 iFix Analytics component is impacted. |
| 2020/01/02 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Kubernetes (CVE-2019-11249, CVE-2019-11247) | ~8.1 |
APAR LI81165
Addressed in IBM API Connect v2018.4.1.8 and subsequent fixes.
All components are impacted. |
| 2020/01/02 | Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via HTTP/2. | 7.5 |
APAR LI81280
Addressed in IBM API Connect v2018.4.1.9.
All components are impacted. |
| 2020/01/02 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes(CVE-2019-11253) | 7.5 |
APAR LI81179
Addressed in IBM API Connect v2018.4.1.9. All components deployed on Kubernetes are impacted. |
Related Information
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"Component":"","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
03 December 2020
UID
ibm11168588