Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023)

2020-06-26 19:44:32
www.ibm.com

EPSS: 0.061 (Low), percentile: 93.6%

Summary

IBM API Connect has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2020-11022
**DESCRIPTION:** jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/181349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2020-11023
**DESCRIPTION:** jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/181350 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
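As an added illustration (not part of IBM's bulletin and not jQuery's own source), the block below reconstructs the pre-fix behaviour of jQuery.htmlPrefilter named under CVE-2020-11022: the method expanded self-closing tags such as `<div/>` into `<div></div>` before the string reached the HTML parser, so markup that had been sanitized upstream could be rewritten on the way in. The identity version is the behaviour jQuery adopted in 3.5.0 and the patch it recommended for older releases; the `rxhtmlTag` regex is reproduced from memory of jQuery's pre-3.5 source, and the helper names and sample inputs are this example's own.

```javascript
// Added example: reconstruction of jQuery.htmlPrefilter before and after the
// CVE-2020-11022 fix. The regex is assumed to match jQuery's pre-3.5 rxhtmlTag;
// helper names are this example's own, not jQuery or IBM API Connect APIs.

// Pre-3.5 jQuery: rewrite "<tag .../>" as "<tag ...></tag>" for every
// non-void element before the string is handed to the HTML parser.
const rxhtmlTag =
  /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

function legacyHtmlPrefilter(html) {
  return html.replace(rxhtmlTag, "<$1></$2>");
}

// jQuery 3.5.0 and later: the prefilter is the identity function. Assigning
// jQuery.htmlPrefilter = safeHtmlPrefilter on an older release removes the
// rewriting step without upgrading the library.
function safeHtmlPrefilter(html) {
  return html;
}

// Defender's check: does the legacy prefilter alter this markup at all?
// Any template or API response that answers true depends on the rewrite and
// should be reviewed before (and re-tested after) the fixed jQuery is deployed.
function prefilterChangesMarkup(html) {
  return legacyHtmlPrefilter(html) !== html;
}

// Constructed sample inputs: a self-closing non-void tag, a void tag, plain markup.
const samples = ['<div class="portal"/>', "<br/>", "<p>plain</p>"];
for (const s of samples) {
  console.log(
    JSON.stringify(s), "->", JSON.stringify(legacyHtmlPrefilter(s)),
    "rewritten:", prefilterChangesMarkup(s)
  );
}
```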

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM API Connect | V5.0.0.0-5.0.8.8 |
| IBM API Connect | V2018.4.1.0-2018.4.1.11 |

Remediation/Fixes

| Affected Product | Addressed in VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM API Connect V5.0.0.0-5.0.8.8 | 5.0.8.8 iFix2 | LI81522 | Addressed in IBM API Connect V5.0.8.8 iFix released on or after June 8, 2020. Developer Portal is impacted. Follow this link and find the “Portal” package: http://www.ibm.com/support/fixcentral/swg/quickorder |
| IBM API Connect V2018.4.1.0-2018.4.1.11 | 2018.4.1.12 | LI81522 | Addressed in IBM API Connect V2018.4.1.12. Developer Portal is impacted. Follow this link and find the “Portal” package: http://www.ibm.com/support/fixcentral/swg/quickorder |

Workarounds and Mitigations

None