IBM Security Bulletin: IBM API Connect is affected by a Missing HTTP Strict Transport Security vulnerability (CVE-2018-1546)
Jul 3, 2018 9:00 am EDT
Categorized: Medium Severity
IBM API Connect has addressed the following vulnerability. IBM API Connect could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.
CVE(s): CVE-2018-1546
Affected product(s) and affected version(s):
| Affected Product | Affected Versions |
| IBM API Connect | 5.0.0.0-5.0.8.3 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-prd-trops.events.ibm.com/node/715299
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142650
from IBM Product Security Incident Response Team https://ift.tt/2MFGaH5