CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 2020/01/02 5:44 p.m.•38 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Kubernetes(CVE-2019-11253)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11253 DESCRIPTION: Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send...

7.5CVSS1.3AI score0.82787EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2020/01/02 5:21 p.m.•65 views

Security Bulletin: IBM API Connect is vulnerable to denial of service attacks via HTTP/2.

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and...

7.8CVSS0.4AI score0.50822EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2020/01/02 4:47 p.m.•38 views

Security Bulletin: IBM API Connect is impacted by vulnerabilities in Kubernetes (CVE-2019-11249, CVE-2019-11247)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-11249 DESCRIPTION: The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a t...

8.1CVSS0.2AI score0.02846EPSS

IBM Security Bulletins•added 2019/12/20 8:47 a.m.•22 views

Security Bulletin: API Connect is impacted by credential caching

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4444 DESCRIPTION: IBM API Connect Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials...

5.5CVSS1.9AI score0.00101EPSS

NVD•added 2019/12/18 5:16 p.m.•14 views

CVE-2019-4609

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...

7.5CVSS6.1AI score0.00134EPSS

OSV•added 2019/12/18 5:16 p.m.•2 views

CVE-2019-4609

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...

7.5CVSS6.5AI score

Prion•added 2019/12/18 5:16 p.m.•13 views

Code injection

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...

5CVSS7.2AI score0.00134EPSS

Cvelist•added 2019/12/18 4:15 p.m.•18 views

CVE-2019-4609

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510...

5.9CVSS7.2AI score0.00134EPSS

CVE•added 2019/12/18 4:15 p.m.•51 views

CVE-2019-4609

CVE-2019-4609 affects IBM API Connect 2018.4.1.7, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The vulnerability stems from usage of insufficient cryptography, potentially impacting confidentiality. Public references confirm ...

7.5CVSS7.2AI score0.00134EPSS

IBM Security Bulletins•added 2019/12/17 5:30 p.m.•54 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in libexpat (CVE-2019-15903)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber...

7.5CVSS0.8AI score0.00203EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2019/12/17 3:48 p.m.•24 views

Security Bulletin: IBM API Connect is potentially impacted by weak cryptographic algorithms(CVE-2019-4609)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4609 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base score: 5.9 CVSS Temporal...

7.5CVSS1.8AI score0.00134EPSS

Symantec•added 2019/12/17 12:0 a.m.•32 views

IBM API Connect CVE-2019-4609 Information Disclosure Vulnerability

Description IBM API Connect is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM API Connect 2018.4.1.7 is vulnerable; other versions may also affected. Technologies Affected IBM API...

0.2AI score0.00134EPSS

Exploits0References1Affected Software1

NVD•added 2019/12/16 4:15 p.m.•17 views

CVE-2019-4444

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453...

5.5CVSS5.2AI score0.00101EPSS

OSV•added 2019/12/16 4:15 p.m.•1 views

CVE-2019-4444

5.5CVSS6.1AI score

Prion•added 2019/12/16 4:15 p.m.•13 views

Design/Logic Flaw

2.1CVSS5.3AI score0.00101EPSS

Cvelist•added 2019/12/16 3:45 p.m.•20 views

CVE-2019-4444

5.1CVSS5.4AI score0.00101EPSS

CVE•added 2019/12/16 3:45 p.m.•44 views

CVE-2019-4444

IBM API Connect CVE-2019-4444 affects Developer Portal on versions 2018.1–2018.4.1.7, where the user registration page does not disable password autocomplete. The vulnerability enables a local attacker with access to the browser and local system credentials to steal registration passwords. Remedi...

5.5CVSS5.3AI score0.00101EPSS