21 matches found
CVE-2024-9174
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...
CVE-2024-9174 Stored HTML Injection in Hubshare social module
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...
M-Files Hubshare Security Vulnerability
M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents and collaborative content. A security vulnerability exists in M-Files Hubshare versions prior to 5.0.8.6 that stems from the presence of an HTML injection vulnerability...
PT-2024-39472 · M Files · M-Files Hubshare
Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 5.0.8.6 Description: The issue allows an authenticated user to spoof the UI through stored HTML injection in the Social Module. Recommendations: For versions prior to 5.0.8.6, update to version 5.0.8.6 or...
CVE-2019-4460
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 163681...
PT-2019-17093 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on t...
Security Bulletin: IBM API Connect Developer Portal is impacted by multiple PHP vulnerabilities (CVE-2019-11038 CVE-2019-11039 CVE-2019-11040)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11038 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an uninitialized read in the gdImageCreateFromXbm function. By sending a specially-crafted...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-18508)
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.6 iFix 1. An...
Security Bulletin: IBM API Connect Developer Portal is impacted by a vulnerability in Drupal core (CVE-2019-11831)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11831 DESCRIPTION: The PharStreamWrapper package as used in Typo3 and Drupal could allow a remote attacker to bypass security restrictions, caused by a directory traversal flaw. By sending a...
Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in IBM Java SDK (CVE-2018-3139 CVE-2018-3180)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM API Connect version 5. IBM API Connect has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified...
CVE-2019-4256
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944...
PT-2019-16996 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For versio...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-25511)
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.6 for cryptographic...
CVE-2018-1991
IBM API Connect 5.0.0.0–5.0.8.6 is affected by an information-disclosure vulnerability (CVE-2018-1991) that could reveal sensitive information about the underlying software stack via CMC UI headers. The root cause is a disclosure in requests/responses that exposes internal details. Affected produ...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-40899)
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect versions 5.0.0.0 through...
Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-1991 DESCRIPTION: IBM API Connect could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. CVSS Base Score: 2.7...
CVE-2019-4202
The CVE-2019-4202 issue affects IBM API Connect, specifically the Developer Portal in versions 5.0.0.0 through 5.0.8.6. The root cause is a command-injection vulnerability arising from inadequate filtering during the construction of executable commands, allowing a remote attacker to craft a reque...
CVE-2019-4203
The CVE-2019-4203 issue affects IBM API Connect Developer Portal (versions 5.0.0.0–5.0.8.6). The root cause allows app developers to download arbitrary files from the host OS and may enable SSRF attacks. Impact is described as potential exposure of files with high integrity/availability concerns....
PT-2019-16961 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6 Description: The issue allows an attacker to perform command injection using a specially crafted request, potentially leading to arbitrary code execution on the server and complete system acces...
Command Execution Vulnerability in IBM API Connect
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A command injection vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.6,...