SymmetricalDataSecurity: IBM Security Bulletin: API Connect Developer Portal is affected by cross-site scripting vulnerability (CVE-2018-1430)

Friday, April 27, 2018

IBM Security Bulletin: API Connect Developer Portal is affected by cross-site scripting vulnerability (CVE-2018-1430)

Apr 27, 2018 12:32 pm EDT

Share this post:

API Connect Developer Portal has addressed the following vulnerability. IBM API Connect Developer Portal is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2018-1430

Affected product(s) and affected version(s):

Affected API Connect	Affected Versions
IBM API Connect	5.0.0.0-5.0.6.5
IBM API Connect	5.0.7.0-5.0.7.2
IBM API Connect	5.0.8.0-5.0.8.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013058
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139226

from IBM Product Security Incident Response Team https://ift.tt/2r6EfCl

SymmetricalDataSecurity

Friday, April 27, 2018

IBM Security Bulletin: API Connect Developer Portal is affected by cross-site scripting vulnerability (CVE-2018-1430)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews