Friday, April 27, 2018

IBM Security Bulletin: API Connect Developer Portal is affected by cross-site scripting vulnerability (CVE-2018-1430)

Share this post:

API Connect Developer Portal has addressed the following vulnerability. IBM API Connect Developer Portal is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.  

CVE(s): CVE-2018-1430

Affected product(s) and affected version(s):

Affected API Connect Affected Versions
IBM API Connect 5.0.0.0-5.0.6.5
IBM API Connect 5.0.7.0-5.0.7.2
IBM API Connect 5.0.8.0-5.0.8.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013058
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139226



from IBM Product Security Incident Response Team https://ift.tt/2r6EfCl

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.