IBM API Connect is affected by two ReDoS vulnerabilities in modules included in the Node.js npm tool (CVE-2016-2537, CVE-2016-2515) and Node.js Package Manager (npm) Bearer Token Vulnerability (CVE-2016-3956). These vulnerabilities are now fixed.
CVE(s): CVE-2016-2515, CVE-2016-2537, CVE-2016-3956
Affected product(s) and affected version(s):
IBM API Connect V5.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29L0ODy
X-Force Database: http://ift.tt/1NSj7rH
X-Force Database: http://ift.tt/1rhWrqL
X-Force Database: http://ift.tt/1NSj7rJ
from IBM Product Security Incident Response Team http://ift.tt/29L1gBO
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.