IBM API Connect has addressed the following vulnerability.
CVEID: CVE-2021-22884
**DESCRIPTION:** Node.js is vulnerable to a denial of service, caused by an error when the allowlist includes “localhost6”. By controlling the victim’s DNS server or spoofing its responses, an attacker could exploit this vulnerability to bypass the DNS rebinding protection mechanism using the “localhost6” domain and cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)
CVEID: CVE-2021-22883
**DESCRIPTION:** Node.js is vulnerable to a denial of service, caused by a file descriptor leak. By making multiple attempts to connect with an ‘unknownProtocol’, an attacker could exploit this vulnerability to cause excessive memory usage and make the system run out of memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197190 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product | Version |
---|---|
API Connect | V10.0.1.0 - V10.0.1.4 |
API Connect | V2018.4.1.0-2018.4.1.15 |
API Connect | V10.0.2 |
Affected Product | Addressed in VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM API Connect V2018.4.1.0-2018.4.1.15 | 2018.4.1.16 | LI82400 | Addressed in IBM API Connect V2018.4.1.16. Follow this link and find the appropriate package: http://www.ibm.com/support/fixcentral/swg/quickorder |
IBM API Connect V10.0.1.0-10.0.1.4 | 10.0.1.5 | LI82400 | Addressed in IBM API Connect V10.0.1.5. Follow this link and find the appropriate package: http://www.ibm.com/support/fixcentral/swg/quickorder |
IBM API Connect 10.0.2 | 10.0.3 | LI82400 | Addressed in IBM API Connect 10.0.3. Follow this link and find the appropriate package: http://www.ibm.com/support/fixcentral/swg/quickorder |
None
CPE

Name | Operator | Version |
---|---|---|
ibm api connect | eq | 2018 |
ibm api connect | eq | 10 |