IBM Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)

Apr 17, 2018 9:00 am EDT

Categorized: High Severity

Share this post:

IBM API Connect has addressed the following vulnerabilities.  API Connect Developer Portal is impacted by Drupal vulnerability: Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this vulnerability using multiple attack vectors to execute arbitrary code on the system.

CVE(s): CVE-2018-7600

Affected product(s) and affected version(s):

Affected IBM API Connect	Affected Versions
IBM API Management	4.0.0.0-4.0.4.6
IBM API Connect	5.0.6.0-5.0.6.6
IBM API Connect	5.0.7.0-5.0.7.2
IBM API Connect	5.0.8.0-5.0.8.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015105
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140913

from IBM Product Security Incident Response Team https://ift.tt/2EV9zsy