IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability via large JSON payloads (CVE-2018-1779)
Nov 17, 2018 8:02 am EST
Categorized: High Severity
API Connect has addressed the following vulnerability. The management microservice in API Connect versions 2018.1 through 2018.3.7 is vulnerable to denial of service attacks via large JSON payloads. An attacker can flood the management service with unauthenticated API requests carrying large JSON payloads. This could result in the server allocating disproportionate computing resources to process the malicious requests, causing the server to crash.
CVE(s): CVE-2018-1779
Affected product(s) and affected version(s):
| Affected API Connect | Affected Versions |
|---|---|
| IBM API Connect | 2018.1-2018.3.7 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10733851
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148802
from IBM Product Security Incident Response Team https://ift.tt/2FtA6CI
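
A general defensive pattern for the condition described above, as an added example that is not IBM's fix and not code from API Connect: cap the request body by both its declared and its actual size before any JSON parsing happens. The function names, the 64 KiB limit and the sample bodies are assumptions constructed for illustration.

```python
import io
import json

MAX_BODY_BYTES = 64 * 1024  # assumed cap; size it to the largest legitimate request
CHUNK = 8192


class BodyTooLarge(Exception):
    """Raised when a request body exceeds the configured cap."""


def read_capped_json(stream, content_length=None, limit=MAX_BODY_BYTES):
    """Read at most `limit` bytes from `stream`, then parse them as JSON.

    `content_length` is the declared header value, or None when absent (chunked).
    """
    # Cheap rejection: an oversized declaration is refused before reading a byte.
    if content_length is not None and content_length > limit:
        raise BodyTooLarge(f"declared {content_length} bytes > {limit}")
    received, parts = 0, []
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        received += len(chunk)
        # Count real bytes so a missing or understated Content-Length cannot bypass the cap.
        if received > limit:
            raise BodyTooLarge(f"body exceeded {limit} bytes while streaming")
        parts.append(chunk)
    return json.loads(b"".join(parts))


def handle(stream, content_length=None, limit=MAX_BODY_BYTES):
    """Map the outcome to the HTTP status a handler or gateway would return."""
    try:
        read_capped_json(stream, content_length, limit)
    except BodyTooLarge:
        return 413  # Payload Too Large, parser never invoked
    except ValueError:
        return 400  # malformed JSON or invalid encoding
    return 200


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    small = b'{"name": "catalog-1"}'
    huge = b'{"pad": "' + b"A" * 200_000 + b'"}'
    print(handle(io.BytesIO(small), len(small)))
    print(handle(io.BytesIO(huge), len(huge)))
    print(handle(io.BytesIO(huge), None))
```

Because the cap is enforced before authentication state matters, it also bounds the cost of unauthenticated requests; per-client rate limiting is a separate control.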