772 matches found
CVE-2020-4695
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality...
CVE-2020-4903
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...
Design/Logic Flaw
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality...
Design/Logic Flaw
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...
CVE-2020-4903
IBM API Connect contains an information-disclosure/impersonation vulnerability (CVE-2020-4903) affecting API Connect V10.0.1.1 and V2018.4.1.0–2018.4.1.13. The root issue is a vulnerability in the registration invitation flow allowing interception of the link to impersonate a user or access sensi...
CVE-2020-4903
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...
CVE-2020-4695
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality...
CVE-2020-4695
IBM API Connect V10.0.1.0 is affected by insecure communications during database replication, allowing an attacker to view unencrypted data and causing confidentiality loss. The CVE-2020-4695 entry is supported by IBM and CNVD/NVD references, which describe the vulnerability as stemming from unse...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Java SE.
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2020-14779. DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low...
Security Bulletin: IBM API Connect V10 is impacted by insecure communications during database replication (CVE-2020-4695)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2020-4695. DESCRIPTION: IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can...
Security Bulletin: IBM API Connect's provider org registration flow is vulnerable to impersonation and sensitive information leak (CVE-2020-4903)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2020-4903. DESCRIPTION: IBM API Connect could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. CVSS Base score...
Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2020-8277. DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerabili...
IBM API Connect Security Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure vulnerability exists in IBM API Connect 10.0.1.1, 2018.4.1.0-2018.4.1.13. An attacker who intercepts a registration invitation link can use this vulnerability to impersonate a registered user or obtain...
CVE-2020-4903
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...
IBM API Connect Information Disclosure Vulnerability (CNVD-2021-12646)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect, which can be exploited by an...
IBM API Connect Input Validation Error Vulnerability (CNVD-2021-09491)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect, which can be exploited by an...
IBM API Connect Cross-Site Request Forgery Vulnerability (CNVD-2021-09490)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A cross-site request forgery vulnerability exists in IBM API Connect 10.0.0.0 - 10.0.1.0, 2018.4.1.0 - 2018.4.1.13. An attacker can exploit this vulnerability to perform malicious and unauthorized actions transmitted from a use...
IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2021-09489)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A cross-site scripting vulnerability exists in IBM API Connect 10.0.0.0 - 10.0.1.0, 2018.4.1.0 - 2018.4.1.13. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in the web UI that can alter the intende...
CVE-2020-4827
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841...
CVE-2020-4828
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842...