40 matches found
CVE-2026-2264
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...
EUVD-2026-31865
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...
CVE-2026-2264
CVE-2026-2264 describes a vulnerability in Google Cloud Apigee SetIntegrationRequest policy enabling remote SSRF and exfiltration of service account tokens. Exploitation required an insecure API proxy configuration; CVSS metrics indicate network access with low complexity, no privileges, and high...
CVE-2026-2264
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...
CVE-2026-2264 Server-Side Request Forgery and Credential Exfiltration in Google Cloud Apigee via SetIntegrationRequest Policy.
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...
CVE-2026-2264 Server-Side Request Forgery and Credential Exfiltration in Google Cloud Apigee via SetIntegrationRequest Policy.
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...
PT-2026-43284
Name of the Vulnerable Software and Affected Versions Google Cloud Apigee affected versions not specified Description A flaw in the SetIntegrationRequest policy allows remote attackers to perform Server-Side Request Forgery SSRF, which is a technique where an attacker forces a server to make...
Google Cloud Apigee 安全漏洞
Google Cloud Apigee is an API management platform provided by Google Inc. It supports features such as API gateways, traffic governance, and interface security management. There are security vulnerabilities in Google Cloud Apigee. These vulnerabilities stem from allowing remote attackers to execu...
Mapping Your API Ecosystem: Wiz Expands API Discovery with Apigee
See your full Apigee architecture on the Wiz Security Graph, from API gateways and environments to every endpoint and its authorization scheme...
CVE-2025-13292
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13426
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...
EUVD-2025-201511
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13292
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13292 Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access.
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13292 Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access.
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...
CVE-2025-13292
CVE-2025-13292 affects Google Apigee-X, enabling cross-tenant unauthorized read/write access to Apigee Analytics data and logs due to improper access control. Patched in version 1-16-0-apigee-3; no user action required. Evidence confirms affected product, impact, and patch; exploitation details a...
EUVD-2025-201493
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...
PT-2025-49328
Name of the Vulnerable Software and Affected Versions Apigee-X versions prior to 1-16-0-apigee-3 Description A security issue in Apigee-X could allow an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations...
Google Apigee-X 安全漏洞
Google Apigee-X is a next-generation API management platform from Google Inc USA. A security vulnerability exists in Google Apigee-X that stems from improper authorization and could lead to unauthorized data access...
CVE-2025-13426
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute...