APIs managed by API Connect which are protected by security restrictions could be accessed without providing valid security credentials.
CVEID: CVE-2017-1328
DESCRIPTION: IBM API Connect could allow a remote attacker to bypass security restrictions of the API, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126230 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
IBM API Connect V5.0.0.0 - V5.0.6.2
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM API Connect | 5.0.0.0 - 5.0.6.2 | LI79309 | Apply V5.0.6.2_iFix1 |
None