IBM Support

Security Bulletin: IBM API Connect has released 5.0.8.2 iFix in response to the vulnerabilities known as Spectre and Meltdown.

Created by Jim McGarrahan on
Published URL:
https://www.ibm.com/support/pages/node/568013
568013

Security Bulletin


Summary

IBM has released the 5.0.8.2 iFix for IBM API Connect in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754.

Vulnerability Details

CVEID: CVE-2017-5753

CVEID: CVE-2017-5715

CVEID: CVE-2017-5754

Affected Products and Versions

IBM API Management 4.0.0.0-4.0.4.6
IBM API Connect 5.0.0.0-5.0.6.6
IBM API Connect 5.0.7.0-5.0.7.2
IBM API Connect 5.0.8.0-5.0.8.2

Remediation/Fixes

Affected Product

Addressed in VRMFAPARRemediation/First Fix
IBM API Management

4.0.0.0-4.0.4.6
5.0.8.2LI80028Addressed in IBM API Connect V5.0.8.2 Developer Portal iFix.

Follow this link and find the lastest 5.0.8.2 API Connect packages / iFix packages.

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.1&platform=All&function=all
IBM API Connect

5.0.0.0-5.0.6.6
5.0.8.2LI80028Addressed in IBM API Connect V5.0.8.2 Developer Portal iFix.

Follow this link and find the lastest 5.0.8.2 API Connect packages / iFix packages.

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.1&platform=All&function=all
IBM API Connect

5.0.7.0-5.0.7.2
5.0.8.2LI80028Addressed in IBM API Connect V5.0.8.2 Developer Portal iFix.

Follow this link and find the lastest 5.0.8.2 API Connect packages / iFix packages.

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.1&platform=All&function=all
IBM API Connect

5.0.8.0-5.0.8.2
5.0.8.2LI80028Addressed in IBM API Connect V5.0.8.2 Developer Portal iFix.

Follow this link and find the lastest 5.0.8.2 API Connect packages / iFix packages.

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.1&platform=All&function=all

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

23 March 2018: original document published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSMNED","label":"IBM API Connect"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"--","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0.8.2;5.0.8.1;5.0.8.0;5.0.7.2;5.0.7.1;5.0.7.0;5.0.6.5;5.0.6.4;5.0.6.3;5.0.6.2;5.0.6.1;5.0.6.0;5.0.5.0;5.0.4.0;5.0.3.0;5.0.2.0;5.0.1.0;5.0.0.1;5.0.0.0;5.0","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg22014530