772 matches found
Design/Logic Flaw
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859...
Cross site scripting
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079...
CVE-2017-1785
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859...
CVE-2018-1382
IBM API Connect is affected by CVE-2018-1382, a cross-site scripting vulnerability in the Web UI. The issue impacts API Connect 5.0.0.0 through 5.0.8.1, enabling an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. The public documents specify ...
CVE-2017-1785
CVE-2017-1785 affects IBM API Connect 5.0.7.0–5.0.7.2 and 5.0.8.0–5.0.8.1. An authenticated remote user could modify query parameters to obtain sensitive information, indicating an information-disclosure vulnerability in the API Portal. The IBM Security Bulletin notes remediation in V5.0.8.2 (API...
CVE-2018-1382
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079...
Code injection
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...
Design/Logic Flaw
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2017-1551
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2017-1555
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...
CVE-2017-1551
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2017-1555
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...
CVE-2017-1555
CVE-2017-1555 affects IBM API Connect 5.0.0.0 through 5.0.7.2, where an authenticated user could generate an API token without being subscribed to the application plan. The NVD entry records CVSS v3.0 base score 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). IBM’s security bulletin confirms the vulne...
CVE-2017-1551
Summary: CVE-2017-1551 affects IBM API Connect 5.0.0.0–5.0.6.3 and 5.0.7.0–5.0.7.2. A remote attacker could entice a victim to visit a malicious site to hijack the victim’s click actions (Cross Frame Scripting). Impact (as stated): potential to hijack click-to-action with possible further attacks...
CVE-2017-1551
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...
CVE-2017-1556
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
Code injection
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
CVE-2017-1556
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
CVE-2017-1556
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
CVE-2017-1556
CVE-2017-1556 affects IBM API Connect versions 5.0.7.0–5.0.7.2. The vulnerability is a regular expression attack that could allow an authenticated attacker to provide inputs via regex to slow down or hang the system. IBM’s security bulletin notes the affected product and versions, with a fixed re...