772 matches found
Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7060, CVE-2020-7059)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7060 DESCRIPTION: PHP is vulnerable to a buffer overflow, caused by improper bounds checking by the mbfl_filt_conv_big5_wchar function. By sending specially crafted data, a remote attacker could...
IBM API Connect Clickjacking Vulnerability (CNVD-2020-34991)
IBM API Connect is a suite of integrated solutions from IBM (USA) for managing the API lifecycle. The product supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 2018.4.1.0 through 2018.4.1.10. A remo...
CVE-2020-4346
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured API which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322...
CVE-2020-4195
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
Design/Logic Flaw
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
Code injection
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured API which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322...
CVE-2020-4346
CVE-2020-4346 affects IBM API Connect: management server with versions 2018.4.1.0–2018.4.1.10 contains an unsecured API that allows an unauthenticated attacker to obtain sensitive information. The issue is documented by IBM and is associated with a CVSS ~5.3 (medium) overall impact, reflecting in...
CVE-2020-4195
CVE-2020-4195 affects IBM API Connect: API Connect V2018.4.1.0–2018.4.1.10 vulnerable to clickjacking via a malicious website, enabling a remote actor to hijack the user’s click actions. The IBM security bulletin confirms remediation in V2018.4.1.11 (addressed) and provides the upgrade path (2018...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes (CVE-2019-11254)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11254 DESCRIPTION: Kubernetes is vulnerable to a denial of service, caused by a flaw in kube-apiserver. By sending a specially-crafted request using YAML payloads, a remote authenticated...
Security Bulletin: IBM API Connect is vulnerable to sensitive information leak (CVE-2020-4346)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4346 DESCRIPTION: IBM API Connect's management server has an unsecured API which can be exploited by an unauthenticated attacker to obtain sensitive information. CVSS Base score: 5.3 CVSS...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Node.js (CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-15604 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper certificate validation. By sending a specially-crafted X.509 certificate, a remote attacker could exploit th...
Security Bulletin: IBM API Connect is vulnerable to clickjacking (CVE-2020-4195)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4195 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could explo...
Security Bulletin: IBM API Connect is impacted by a vulnerability in NGINX (CVE-2019-20372)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-20372 DESCRIPTION: NGINX could allow a remote attacker to obtain sensitive information, caused by a flaw in certain error_page configurations. By sending a specially crafted request, a remote...
Security Bulletin: IBM API Connect is vulnerable to vulnerabilities in PHP (CVE-2020-7061, CVE-2020-7062, CVE-2020-7063)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7061 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an error while extracting PHAR files on Windows using phar extension. An attacker could exploit...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in PHP (CVE-2019-11045, CVE-2019-11044, CVE-2019-11046)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-11045 DESCRIPTION: PHP could allow a remote attacker to bypass security restrictions, caused by an issue when DirectoryIterator class accepts filenames with embedded \0 byte and treats them ...
Security Bulletin: IBM API Connect's Developer Portal is vulnerable to cross-site scripting.
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 178183 DESCRIPTION: Drupal core cross-site scripting CVSS Base score: 5.4 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178183 for the current score. CVSS...
apiconnect-cli-plugins Command Injection Vulnerability
apiconnect-cli-plugins is a development kit plugin for IBM API Connect. An injection vulnerability exists in apiconnect-cli-plugins version 6.0.1 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands with the help of the 'pluginUri' parameter...