
Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)

## Summary

IBM API Connect has addressed the following improper access control vulnerability, CVE-2023-28522.

## Vulnerability Details

**CVEID:** CVE-2023-28522
**DESCRIPTION:** IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to.
CVSS Base score: 4.3
CVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/250585](https://exchange.xforce.ibmcloud.com/vulnerabilities/250585) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

## Affected Products and Versions

Affected Product(s) | Version(s)
---|---
API Connect | V10.x

## Remediation/Fixes

Affected Product | Addressed in VRMF | Remediation/First Fix
---|---|---
IBM API Connect V10.0.0.0 – V10.0.5.1 | V10.0.5.2 | Addressed in IBM API Connect V10.0.5.2. The management server component is impacted. Follow this link and find the appropriate package.
IBM API Connect V10.0.1.4 – V10.0.1.9 | V10.0.1.11 | Addressed in IBM API Connect V10.0.1.11. The management server component is impacted. Follow this link and find the appropriate package.

## Workarounds and Mitigations

None
