PT-2017-12967 · Ibm · Api Connect

Published

2017-06-27

Updated

2019-10-03

CVE-2017-1328

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM API Connect versions 5.0.0.0 through 5.0.6.0

Description The issue is caused by improper handling of security policy, allowing a remote attacker to bypass security restrictions of the API. An attacker could exploit this by crafting a suitable request to bypass security and use the vulnerable API.

Recommendations For versions 5.0.0.0 through 5.0.6.0, update to a version that properly handles security policy to prevent bypassing of security restrictions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-1328

Affected Products

Api Connect

PT-2017-12967 · Ibm · Api Connect

CVE-2017-1328

Related Identifiers

Affected Products

References · 5