IBM API Connect 5.0.8.6 Remote Code Execution Vulnerability

Summary

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 

Credit:

The information has been provided by IBM.
The original article can be found at: https://www.ibm.com/support/docview.wss?uid=ibm10882968


Details

IBM API Connect is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • IBM API Connect 5.0.8.6
  • IBM API Connect 5.0.8.5
  • IBM API Connect 5.0.8.4
  • IBM API Connect 5.0.8.2
  • IBM API Connect 5.0.8.1
  • IBM API Connect 5.0.8.0
  • IBM API Connect 5.0.7.2
  • IBM API Connect 5.0.7.1
  • IBM API Connect 5.0.7.0
  • IBM API Connect 5.0.6.6
  • IBM API Connect 5.0.6.5
  • IBM API Connect 5.0.6.4
  • IBM API Connect 5.0.6.3
  • IBM API Connect 5.0.6.2
  • IBM API Connect 5.0.6.0
  • IBM API Connect 5.0.3.0
  • IBM API Connect 5.0.2.0
  • IBM API Connect 5.0.1.0
  • IBM API Connect 5.0.0.1
  • IBM API Connect 5.0.0.0

CVE Information:

CVE-2019-4256

Disclosure Timeline:
Publish Date: 05/29/2019