Dec 20, 2019 - 8:47 a.m.

Security Bulletin: API Connect is impacted by credential caching

2019-12-20 08:47:33
www.ibm.com

EPSS: 0.0004 (Low)
EPSS Percentile: 12.6%

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

**CVEID:** CVE-2019-4444
**DESCRIPTION:** IBM API Connect Developer Portal’s user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163453 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| API Connect | 2018.1-2018.4.1.7 |

Remediation/Fixes

| Affected releases | Fixed in VRMF | APAR | Remediation / First Fix |
| --- | --- | --- | --- |
| IBM API Connect V2018.1-2018.4.1.7 | v2018.4.1.8-ifix1.0 | LI81104 | Addressed in IBM API Connect v2018.4.1.8-ifix1.0. Developer Portal is impacted. Follow this link and find the “portal” package appropriate to the form factor of your installation for 2018.4.1.8. http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.7&platform=All&function=all&source=fc |

Workarounds and Mitigations

None
