Lucene search

K

IBMDEA06F95F7802ECBC95D55E9940E40E3949ADB5BCD96184885840CAC1A76C777

HistoryAug 24, 2021 - 9:06 p.m.

Security Bulletin: IBM API Connect is impacted by a vulnerability in Golang (CVE-2021-33194).

2021-08-2421:06:33

www.ibm.com

21

ibm api connect

vulnerability

golang

cve-2021-33194

denial of service

security patch

EPSS

0.001

Percentile

50.9%

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID:CVE-2021-33194
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by an infinite loop in golang.org/x/net/html. By sending a specially-crafted ParseFragment input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202644 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

API Connect	API Connect V10.0.0.0 - V10.0.1.2
API Connect	V2018.4.1.0-2018.4.1.16

Remediation/Fixes

Affected Product	Addressed in VRMF	APAR	Remediation/First Fix

IBM API Connect

V2018.4.1.0-2018.4.1.16

| 2018.4.1.17| LI82291 |

Addressed in IBM API Connect V2018.4.1.17.

All components are impacted.

Follow this link and find the appropriate package.

http://www.ibm.com/support/fixcentral/swg/quickorder

IBM API Connect

V10.0.0.0-V10.0.1.2

| 10.0.1.4|

LI82291

|

Addressed in IBM API Connect V10.0.1.4

All components are impacted.

Follow this link and find the appropriate package.

http://www.ibm.com/support/fixcentral/swg/quickorder

Workarounds and Mitigations

None

EPSS

0.001

Percentile

50.9%

Related for DEA06F95F7802ECBC95D55E9940E40E3949ADB5BCD96184885840CAC1A76C777

osv7 veracode1 gitlab2 cgr1 ubuntucve1 nvd1 prion1 ibm17 github1 debiancve1 cvelist1 cbl_mariner1 redhatcve1 cve1 wolfi1 openvas1 fedora1 redhat3 nessus2