Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM API Connect Developer Portal 安全漏洞
Vulnerability Description
IBM API Connect(又名APIConnect)是美国IBM公司的一套用于管理API生命周期的集成解决方案。该方案支持创建、运行、管理和保护API和微服务等。Developer Portal是其中的一个开发者入口。 IBM API Connect 5.0.0.0版本至5.0.8.3版本中的Developer Portal存在安全漏洞,该漏洞源于重置用户密码时,Developer Portal没有执行双因子身份验证(TFA)。攻击者可利用该漏洞绕过TFA,获取全部的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A