IBM API Connect has addressed the following vulnerability.
CVEID:CVE-2019-11477
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162662 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM API Connect | 5.0.0.0-5.0.8.7 |
Affected Product | Addressed in VRMF | APAR | Remediation/First Fix |
---|
IBM API Connect
V5.0.0.0-5.0.8.7
| V5.0.8.7-ifix3 |
LI81361
|
Addressed in IBM API Connect V5.0.8.7 iFix released on January 26, 2020 or later.
Management server is impacted.
Follow this link and find the βManagementβ package appropriate for your installation.
http://www.ibm.com/support/fixcentral/swg/quickorder
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm api connect | eq | 5.0.0.0 | |
ibm api connect | eq | 5.0.8.7 |