IBM API Connect has addressed the following vulnerabilities.
CVEID:CVE-2020-14845
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190163 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14828
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the DML component could allow an authenticated attacker to take control of the system.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190146 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-14848
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190166 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14866
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190184 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14844
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the PS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190162 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14829
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190147 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14839
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190157 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14861
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190179 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14830
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190148 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14836
**DESCRIPTION:**An unspecified vulnerability in MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190154 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14827
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Security: LDAP Auth component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190145 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2020-14821
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190139 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14852
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Charsets component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190170 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14846
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190164 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14853
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Cluster related to the NDBCluster Plugin component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190171 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
CVEID:CVE-2020-14837
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190155 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14812
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Locking component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190130 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-14838
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Security: Privileges component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190156 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2020-14878
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the LDAP Auth component could allow an authenticated attacker to take control of the system.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190195 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-14860
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Security: Roles component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190178 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2020-14814
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190132 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
API Connect | V2018.4.1.0-2018.4.1.16 |
API Connect | V5.0.0.0.0-5.0.8.10 |
API Connect | 10.0.1.0 |
Affected Product | Addressed in VRMF | APAR | Remediation/First Fix |
---|
IBM API Connect
V2018.4.1.0-2018.4.1.15
| 2018.4.1.16iFix|
LI81879
|
Addressed in IBM API Connect V2018.4.1.16 iFix dated 7 June or after.
Developer Portal is impacted.
Follow this link and find the “Portal” package.
http://www.ibm.com/support/fixcentral/swg/quickorder
IBM API Connect
V5.0.0.0.0-5.0.8.10
| 5.0.8.10 iFixes/fixpacks published on or after January 22, 2021.|
LI81879
|
Addressed in IBM API Connect V5.0.8.10 iFixes/fixpacks published on or after January 22, 2021.
Developer Portal is impacted.
Follow this link and find the “Portal” package.
http://www.ibm.com/support/fixcentral/swg/quickorder
IBM API Connect
V10.0.1.0
| 10.0.1.1|
LI81879
|
Addressed in IBM API Connect V10.0.1.1.
Developer Portal is impacted.
Follow this link and find the “Portal” package.
http://www.ibm.com/support/fixcentral/swg/quickorder
None