IBM API Connect CVE-2019-4444 Local Information Disclosure Vulnerability

Description IBM API Connect is prone to a local information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. IBM API Connect 2018.4.1.0 through 2018.4.1.7 are vulnerable. Technologies Affected IBM API Connect 2018.4.1 IB...

CVE-2019-4600

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883...

CVE-2019-4600

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883...

Design/Logic Flaw

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883...

CVE-2019-4600

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883...

CVE-2019-4600

CVE-2019-4600 is an information-disclosure vulnerability in IBM API Connect, affecting versions 5.0.0.0 through 5.0.8.7. A specially crafted HTTP request could reveal sensitive information. According to IBM’s security bulletin, the issue impacts the Developer Portal in API Connect and is addresse...

Security Bulletin: IBM API Connect's Developer Portal(V5) is impacted by a a confidential information leak(CVE-2019-4600)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4600 DESCRIPTION: IBM API Connect could reveal sensitive information to an attacker using a specially crafted HTTP request. CVSS Base Score: 5.3 CVSS Temporal Score: See for the current score...

IBM API Connect CVE-2019-4600 Information Disclosure Vulnerability

Description IBM API Connect is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. IBM API Connect 5.0.0.0 through 5.0.8.7 are vulnerable. Technologies Affected IBM API Connect 5.0.0.0 IBM API Connec...

Security Bulletin: Vulnerability identified in OpenSSL shipped with IBM API Connect (CVE-2016-8610)

Summary An SSL vulnerability was disclosed by the OpenSSL Project. IBM API Connect has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL...

IBM API Connect Path Traversal Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing and securing APIs, microservices and more. A path traversal vulnerability exists in IBM API Connect. An attacker could exploit this...

CVE-2019-4437

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947...

CVE-2019-4437

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947...

Code injection

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947...

CVE-2019-4437

IBM API Connect 2018.1–2018.4.1.6 contains an information-disclosure vulnerability where sensitive details about internal servers and networks can be exposed via the API Swagger portal. The root cause is addressed in fixpack 2018.4.1.7 for the API Connect 2018.x line (management server fix). Affe...

CVE-2019-4437

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947...

CVE-2019-4460

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 163681...

CVE-2019-4460

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 163681...

CVE-2019-4402

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263...

CVE-2019-4402

IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263...

Design/Logic Flaw

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 163681...