Saturday, February 3, 2018

IBM Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382

API Connect has addressed the following vulnerability. IBM API Connect is vulnerable to cross-site scripting.  This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2018-1382

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013054
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138079

The post IBM Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382 appeared first on IBM PSIRT Blog.

Affected API Connect Affected Versions
IBM API Connect 5.0.0.0-5.0.6.4
IBM API Connect 5.0.7.0-5.0.7.2
IBM API Connect 5.0.8.0-5.0.8.1


from IBM Product Security Incident Response Team http://ift.tt/2EAHuZ1

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.