IBM API Connect has addressed the following vulnerability.
CVEID:CVE-2019-17596
**DESCRIPTION:**Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/170191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2019-16276
**DESCRIPTION:**Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
CVSS Base score: 5.3
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/167963> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
API Connect | IBM API Connect V2018.4.1.0-2018.4.1.9 |
Affected releases | Fixed in VRMF | APAR | Remediation / First Fix |
---|---|---|---|
IBM API Connect V2018.4.1.0-2018.4.1.9 |
v2018.4.1.9
iFix 1
|
LI81295
|
Addressed in IBM API Connect v2018.4.1.9 iFix 1.
Management server, Analytics and Developer Portal are impacted.
Follow this link and find the package appropriate for the form factor of your installation
http://www.ibm.com/support/fixcentral/swg/quickorder
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm api connect | eq | 2018.4.1.0 | |
ibm api connect | eq | 2018.4.1.9 |