IBM API Connect has addressed the following vulnerabilities.
CVEID:CVE-2018-1784
**DESCRIPTION:*IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148807> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
|
—|—
IBM API Connect
|
5.0.0.0-5.0.8.4
|
|
|
—|—|—|—
IBM API Connect
5.0.0.0-5.0.8.4
| 5.0.8.5 fix pack |
LI80407
|
Addressed in IBM API Connect V5.0.8.5 fix pack.
Loopback framework is impacted.
Follow this link and find the APIConnect_Management V5.0.8.5 download.