772 matches found
CVE-2020-4825
Summary. CVE-2020-4825 is an IBM API Connect cross-site scripting flaw affecting IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13. The underlying issue is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript in a trusted session...
CVE-2020-4825
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Security Bulletin: IBM API Connect is impacted by insecure web server configuration (CVE-2020-4825)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4825 DESCRIPTION: IBM API Connect is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali...
IBM API Connect Cross-Site Request Forgery Vulnerability (CNVD-2021-09301)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing and securing APIs, microservices and more. IBM API Connect suffers from a cross-site request forgery vulnerability, which arises from a WEB...
IBM API Connect Cross-Site Scripting Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A cross-site scripting vulnerability exists in IBM API Connect 10.0.0.0 - 10.0.1.0, 2018.4.1.0 - 2018.4.1.13. An attacker can exploit the vulnerability to embed arbitrary JavaScript code in the web UI that can alter the intende...
Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CVE-2020-4826)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4826 DESCRIPTION: IBM API Connect is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websi...
Security Bulletin: IBM API Connect's Developer Portal is vulnerable to arbitrary code execution in Drupal Core (CVE-2020-13671)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13671 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly sanitize certain filenames on uploaded files. By...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Java SE (CVE-2020-14782)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact,...
Security Bulletin: IBM API Connect is vulnerable to web cache poisoning (CVE-2020-4828)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4828 DESCRIPTION: IBM API Connect is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. CVSS Base score: 6.5 CVSS Temporal Score: See:...
Security Bulletin: IBM API Connect is vulnerable to cross-site request forgery (CSRF) (CVE-2020-4827)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4827 DESCRIPTION: IBM API Connect is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websi...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js (CVE-2020-8201 CVE-2020-8251 CVE-2020-8252)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this...
Security Bulletin: IBM API Connect's Developer Portal is impacted by multiple vulnerabilities in Drupal core.
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13669 DESCRIPTION: Drupal core is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the built-in CKEditor image caption functionality. A remote...
Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106 CVE-2020-15112 CVE-2020-15113)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-15106 DESCRIPTION: etcd is vulnerable to a denial of service, caused by improper data validation in the decodeRecord method. By sending specially crafted data, a remote authenticated attacke...
Security Bulletin: IBM API Connect is vulnerable to sensitive information leak (CVE-2020-4640)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4640 DESCRIPTION: Certain IBM API Connect configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like prox...
Security Bulletin: API Connect is impacted by a denial of service (DoS) vulnerability in Node.js (CVE-2020-11080)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32 settings by default. By sending overly large HTTP/2 SETTIN...
IBM API Connect Cross-Site Request Forgery Vulnerability
IBM API Connect is a comprehensive end-to-end API lifecycle solution. A cross-site request forgery vulnerability exists in IBM API Connect 10.0.0.0 - 10.0.1.0, 2018.4.1.0 - 2018.4.1.13. An attacker can exploit this vulnerability to perform malicious and unauthorized actions transmitted from a use...
Security Bulletin: IBM API Connect V5 Developer Portal is vulnerable to cross-site scripting (CVE-2020-4838)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4838 DESCRIPTION: IBM API Connect is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
IBM API Connect Cross-Site Scripting Execution Vulnerability
IBM API Connect is an integrated API management product service where you can perform all the steps in the API lifecycle as well as actions throughout the API lifecycle. A cross-site script execution vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.10. An attacker could...
CVE-2020-4838
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...