Rewterz

Rewterz Threat Alert – -C-35 aka Donot Team – Active IOCs

December 2, 2022
Rewterz

Rewterz Threat Advisory – CVE-2022-41296 – IBM Db2U Vulnerability

December 2, 2022

Rewterz Threat Advisory – CVE-2021-38997 – IBM API Connect HOST Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-38997

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Impact

Gain Access

Indicators Of Compromise

CVE

  • CVE-2021-38997

Affected Vendors

IBM

Affected Products

  • IBM API Connect 2018.4.1.0
  • IBM API Connect 10.0.0.0
  • IBM API Connect 10.0.1.0
  • IBM API Connect 10.0.5.0
  • IBM API Connect 10.0.1.7
  • IBM API Connect 2018.4.1.19

Remediation

Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.

IBM Security Bulletin

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.