XSS, CSRF Vulnerabilities identitified in WSO2 Identity Server

A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially expose subsequent internal servers to further attacks. The open source server software helps developers manage identities and keep track of web apps, services an...

IBM API Management Information Disclosure Vulnerability (CNVD-2015-01840)

IBM API Management is IBM's complete solution to help organizations securely create, manage and connect application program interfaces APIs to extend their products and services to a variety of mobile channels. IBM API Management 3.0.4.1 A vulnerability exists in the previous version 3.0 that...

CVE-2015-0149

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls...

CVE-2015-0149

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls...

CVE-2015-0149

IBM API Management 3.0 before 3.0.4.1 has an access-control weakness in its developer portal, failing to restrict access to public and private APIs, enabling remote authenticated users to view or modify data via unspecified API calls. Root cause: insufficient API access restrictions. Affected: IB...

IBM API Management Information Disclosure Vulnerability (CNVD-2015-00567)

IBM API Management is IBM's complete solution to help organizations securely create, manage and connect application program interfaces APIs to extend their products and services to a variety of mobile channels. An information disclosure vulnerability exists in IF1, version 3.0 prior to IBM API...

CVE-2014-6172

IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors...

Code injection

IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors...

CVE-2014-6172

IBM API Management 3.0 before 3.0.4.0 IF1 contains an information disclosure vulnerability that lets remote attackers obtain sensitive analytics data in encrypted form via unspecified vectors. The available sources (NVD/CNVD/related entries) confirm the affected product and version range but do n...

CVE-2014-6172

IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors...

CVE-2014-6133

IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors...

Code injection

IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors...

CVE-2014-6133

IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors...

CVE-2014-6133

CVE-2014-6133 affects IBM API Management 3.x before 3.0.1.0. The vulnerability allows local users to obtain sensitive ciphertext information via unspecified vectors. The connected documents do not specify the root cause, exact vulnerable component, exploit details, or remediation steps in the pro...

CVE-2014-3036

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors...

CVE-2014-3036

The CVE-2014-3036 entry concerns IBM API Management 3.0.0.0. It describes an unspecified vulnerability where, when basic authentication is used for APIs, remote attackers could bypass topology-access restrictions and obtain sensitive information via unknown vectors. The available sources (NVD and...

CVE-2014-3036

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors...

CVE-2013-0559

Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors...

Code injection

Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors...