Question & Answer
Question
2021年に公開されたAPI Connect に関連する脆弱性情報はありますか?
Answer
12月22日現在、API Connectに関して以下の脆弱性情報が公開されています。
| 公開日 | タイトル |
CVSS
基本値
|
修正が含まれるfixレベル |
|---|---|---|---|
| 2021/12/22 | Security Bulletin: Vulnerability in Apache Log4j affects IBM API Connect (APIC) (CVE-2021-44228) | 10 |
APAR LI82440
V5.0.8.12-ifix4
2018.4.1.17-ifix1
10.0.1.5-ifix3
10.0.4.0
|
| 2021/11/01 | Security Bulletin: IBM API Connect is impacted by a vulnerabilities in Node.js (CVE-2021-22884, CVE-2021-22883) | 6.5-7.5 |
APAR LI82400
Addressed in IBM API Connect V2018.4.1.16.
Addressed in IBM API Connect V10.0.1.5
Addressed in IBM API Connect 10.0.3.
|
| 2021/11/01 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal core (CVE-2021-32610) | 7.8 |
APAR LI82292
Addressed in IBM API Connect V5.0.8.12 iFix published on or after July 23, 2021.
Addressed in IBM API Connect 2018.4.1.17.
Addressed in IBM API Connect 10.0.1.4.
Developer Portal is impacted.
|
| 2021/10/06 | Security Bulletin: IBM API Connect is impacted by a vulnerability in PostgreSQL (CVE-2021-32029) | 6.5 |
APAR LI82353
Addressed in IBM API Connect V10.0.1.4.
Addressed in IBM API Connect V10.0.3.
Management server is impacted.
|
| 2021/09/16 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server | 3.3-9.1 |
APAR LI82296
Addressed in IBM API Connect V5.0.8.12
Management server is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal (201714) | 6.5 |
APAR LI82260
Addressed in IBM API Connect V2018.4.1.16iFix1
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect V10.0.3
Developer Portal is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL | 2.7-8 |
APAR LI81879
Addressed in IBM API Connect V2018.4.1.16 iFix dated 7 June or after.
Addressed in IBM API Connect V5.0.8.10 iFixes/fixpacks published on or after January 22, 2021.
Addressed in IBM API Connect V10.0.1.1.
Developer Portal is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2020-27193) | 6.1 |
APAR LI82298
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect 10.0.3
Developer Portal is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2021-33829) | 5.3-7.2 |
APAR LI82298
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect 10.0.3
Developer Portal is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal CKEditor (CVE-2021-26271, CVE-2021-26272) | 7.5 |
APAR LI82298
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect 10.0.3
Developer Portal is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Drupal dated modernizr library | 6.1-7.5 |
APAR LI82297
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect V10.0.3
Developer Portal is impacted.
|
| 2021/08/26 | Security Bulletin: API Connect V5 is potentially vulnerable to code injection (CVE-2021-29772) | 5.6 |
APAR LI82077
Addressed in IBM API Connect V5.0.8.12
Management server is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2020-24553) | 7.2 |
APAR LI82295
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect V10.0.3
All components are impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017) | 8.1 |
APAR LI82294
Addressed in IBM API Connect V5.0.8.12
Developer Portal is impacted.
|
| 2021/08/26 | Security Bulletin: IBM API Connect is impacted by vulnerability CVE-2021-29715. | 6.5 |
APAR LI82288
Addressed in IBM API Connect V5.0.8.12
Management server is impacted.
|
| 2021/08/24 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal core (CVE-2021-32610) | 7.8 |
APAR LI82292
Addressed in IBM API Connect V5.0.8.12 iFix published on or after July 23, 2021.
Developer Portal is impacted.
|
| 2021/08/24 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal (201714) | 6.5 |
APAR LI82260
Addressed in IBM API Connect V2018.4.1.16iFix1
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect V10.0.3
Developer Portal is impacted.
|
| 2021/08/24 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-31525) | 7.5 |
APAR LI82291
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4.
All components are impacted.
|
| 2021/08/24 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-33194) | 7.5 |
APAR LI82291
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4
All components are impacted.
|
| 2021/08/24 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal (CVE-2021-33829) | 5.4-7.2 |
APAR LI82290
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect V10.0.3.
Developer Portal impacted.
|
| 2021/08/24 | Security Bulletin: IBM API Connect is impacted by a cross site scripting vulnerability in Drupal core SA-CORE-2021-002 | 6.1 |
APAR LI77806
Addressed in IBM API Connect V2018.4.1.16ifix1.
Addressed in IBM API Connect V10.0.1.4
Addressed in IBM API Connect V10.0.3.
Addressed in IBM API Connect V5.0.8.12
Developer Portal is impacted.
|
| 2021/08/16 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-27919) | 5.5 |
APAR LI82279
Addressed in IBM API Connect V2018.4.1.17.
Addressed in IBM API Connect V10.0.1.4.
Addressed in IBM API Connect 10.0.3.
|
| 2021/08/16 | Security Bulletin: IBM API Connect on cloud is impacted by HTTP header injection vulnerability (CVE-2020-4706) | 5.4 |
API Connect on cloud V5
No user action required.
|
| 2021/08/03 | Security Bulletin: IBM API Connect is impacted by reflected cross site scripting (CVE-2020-4707) | 5.4 |
APAR LI82266
Addressed in IBM API Connect V5.0.8.12
|
| 2021/07/30 | Security Bulletin: IBM API Connect is impacted by multiple OpenSSL vulnerabilities | 7.4-7.5 |
APAR LI82246
Addressed in IBM API Connect 10.0.3.
Addressed in IBM API Connect V10.0.1.2 iFix2
Addressed in IBM API Connect V5.0.8.12
Management server impacted.
|
| 2021/07/19 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in node.js and OpenSSL (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883) | 6.5-7.5 |
APAR LI82244
Addressed in IBM API Connect V5.0.8.12
Management Server is impacted.
|
| 2021/06/16 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL | 2.3-6.8 |
APAR LI82186
Addressed in IBM API Connect V2018.4.1.16 iFix dated 7 June or after.
Addressed in IBM API Connect V5.0.8.10 iFixes/fixpacks published on or after April 29, 2021.
Developer Portal is impacted.
|
| 2021/06/07 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL | 2.7-8 |
APAR LI81879
Addressed in IBM API Connect V2018.4.1.16 iFix dated 7 June or after.
Addressed in IBM API Connect V5.0.8.10 iFixes/fixpacks published on or after January 22, 2021.
Developer Portal is impacted.
|
| 2021/04/28 | Security Bulletin: IBM API Connect is vulnerable to cookie forgery via PHP (CVE-2020-7070) | 5.3 |
APAR LI81915
Addressed in IBM API Connect 5.0.8.10 iFix published on or after December 16, 2020.
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
Developer Portal is impacted.
|
| 2021/04/06 | Security Bulletin: IBM API Connect is impacted by a directory traversal vulnerability in Drupal core SA-CORE-2021-001 (CVE-2020-36193) | 7.5 |
APAR LI82083
Addressed in IBM API Connect V5.0.8.10 iFix
published on or after January 22, 2021
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.2
Developer Portal is impacted.
|
| 2021/04/06 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Node.js and OpenSSL (CVE-2020-1971, CVE-2020-8265, CVE-2020-8287) | 7.4~7.5 |
APAR LI82014
Addressed in IBM API Connect V5.0.8.10 iFix (Developer Portal)
released on January 22nd, 2021 or later.
Developer Portal is impacted. Addressed in IBM API Connect V2018.4.1.16.
Addressed in IBM API Connect V10.0.1.2
All components are impacted.
|
| 2021/04/06 | Security Bulletin: IBM API Connect V5 is impacted by a denial of service (DoS) vulnerability in NTP (CVE-2020-15025) | 4.4 |
APAR LI82046
Addressed in IBM API Connect V5.0.8.11
Management server is impacted.
|
| 2021/04/06 | Security Bulletin: IBM API Connect V5 is impacted by a denial of service (DoS) vulnerability in NTP (CVE-2020-11868) | 5.9 |
APAR LI82045
Addressed in IBM API Connect V5.0.8.11
Management server is impacted.
|
| 2021/03/14 | Security Bulletin: IBM API Connect's API Manager is vulnerable to invitation and registration link tampering (CVE-2021-20440) | 6.4 |
APAR LI81697
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.0.
Management server is impacted.
|
| 2021/03/10 | Security Bulletin: IBM API Connect is impacted by a denial of service (DoS) vulnerability in OpenSSL (CVE-2020-1971) | 7.5 |
APAR LI82026
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.2
All components are impacted.
|
| 2021/03/10 | Security Bulletin: IBM API Connect is impacted by vulnerabilities in Docker (CVE-2021-21285, CVE-2021-21284) | 6.5-8 |
APAR LI82013
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.2
Management server is impacted.
|
| 2021/03/06 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Java SE. | 3.1-4.2 |
APAR LI81962
Addressed in IBM API Connect V2018.4.1.15.
Management server is impacted.
|
| 2021/03/06 | Security Bulletin: IBM API Connect V10 is impacted by insecure communications during database replication (CVE-2020-4695) | 5.9 |
APAR LI82027
Addressed in IBM API Connect V10.0.1.1
Management server is impacted.
|
| 2021/03/06 | Security Bulletin: IBM API Connect's provider org registration flow is vulnerable to impersonation and sensitive information leak. CVE-2020-4903) | 4.8 |
APAR LI82025
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.2
Management server is impacted.
|
| 2021/03/06 | Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277) | 7.5 |
APAR LI82024
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.2
All components are impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CVE-2020-4826) | 4.3 |
APAR LI81760
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
All components are impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect's Developer Portal is vulnerable to arbitrary code excution in Drupal Core (CVE-2020-13671) | 9.8 |
APAR LI81861
Addressed in IBM API Connect 5.0.8.10 iFix published on or after Nov 23, 2020.
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
Developer Portal is impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is impacted by a vulnerability in Java SE (CVE-2020-14782) | 3.7 |
APAR LI81861
Addressed in IBM API Connect V2018.4.1.15.
Management server is impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is impacted by insecure web server configuration (CVE-2020-4925) | 6.2 |
APAR LI81760
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
All components are impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is vulnerable to web cache poisoning (CVE-2020-4828) | 6.5 |
APAR LI81760
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
Management server is impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect's Developer Portal is impacted by multiple vulnerabilities in Drupal core. | 5.3~6.1 |
APAR LI81878
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.0.
Developer Portal is impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js.(CVE-2020-8201 CVE-2020-8251 CVE-2020-8252 ) | 7.3~7.5 |
APAR LI81959
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
All components are impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106 CVE-2020-15112 CVE-2020-15113) | 5.3~6.5 | APAR LI81877
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
All components are impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is vulnerable to sensitive information leak (CVE-2020-4640) | 3.4 |
APAR LI81876
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
Management server is impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-4827) | 4.3 |
APAR LI81760
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
Management server is impacted.
|
| 2021/02/02 | Security Bulletin: IBM API Connect V10 is vulnerable to cookie forgery via PHP (CVE-2020-7070) | 5.3 |
APAR LI81915
Addressed in IBM API Connect 5.0.8.10 iFix published on or after December 16, 2020.
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
Developer Portal is impacted.
|
| 2021/02/02 | Security Bulletin: API Connect is impacted by a denial of service (DoS) vulnerability in Node.js (CVE-2020-11080) | 3.7 |
APAR LI81875
Addressed in IBM API Connect V2018.4.1.15.
Addressed in IBM API Connect V10.0.1.1
All components are impacted.
|
| 2021/01/13 | Security Bulletin: IBM API Connect V5 Developer Portal is vulnerable to cross-site scripting (CVE-2020-4838) | 6.4 |
APAR LI81918
Addressed in IBM API Connect V5.0.8.10 iFix (Developer Portal)
released on December 18, 2020 or later
Developer Portal is impacted.
|
| 2021/01/11 | Security Bulletin: IBM API Connect V5 Developer Portal is vulnerable to cross-site scripting (CVE-2020-4838) | 6.4 |
APAR LI81918
Addressed in IBM API Connect V5.0.8.10 iFix (Developer Portal)
released on December 18, 2020 or later
Developer Portal is impacted.
|
| 2021/01/05 | Security Bulletin: IBM API Connect V5 is vulnerable to sensitive information leak (CVE-2020-4899) | 7.4 |
APAR LI81889
Addressed in IBM API Connect V5.0.8.10 iFix
published on or after December 18, 2020
Management server is impacted.
|
| 2021/01/05 | Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via PHP (CVE-2020-7068) | 4.4 |
APAR LI81916
Addressed in IBM API Connect V2018.4.1.13.
Addressed in IBM API Connect V10.0.1
Addressed in IBM API Connect V5.0.8.10
Developer Portal is impacted.
|
| 2021/01/05 | Security Bulletin: IBM API Connect V5 is vulnerable to cross-site scripting in jQuery (CVE-2015-9251) | 6.1 |
APAR LI81914
Addressed in IBM API Connect V5.0.8.10 iFix
published on or after December 18, 2020
Management server is impacted.
|
| 2021/01/05 | Security Bulletin: IBM API Connect V5 is impacted by vulnerabilities in Java (CVE-2020-14621, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579) | 3.7-5.3 |
APAR LI81913
Addressed in IBM API Connect V5.0.8.10 iFix
published on or after December 18, 2020
Management server is impacted.
|
Related Information
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"ARM Category":[{"code":"a8m50000000L0rvAAC","label":"API Connect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
22 December 2021
UID
ibm16397028