Lucene search
K

447 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 11:4 p.m.38 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2-ifix2 Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CWE:CWE-787: Out-of-bounds Write CVSS...

9.8CVSS9.8AI score0.93305EPSS
Exploits5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.7 views

CVE-2023-47722

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

6.2CVSS6.1AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:50 a.m.12 views

CVE-2023-28522

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...

8.8CVSS6.2AI score0.00513EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.5 views

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

7.5CVSS6.7AI score0.00645EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:40 a.m.73 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2-ifix1 Vulnerability Details CVEID:CVE-2025-1974 DESCRIPTION: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve...

9.8CVSS9.8AI score0.99098EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:43 a.m.84 views

Security Bulletin: IBM API Connect is impacted by host header injection vulnerability (CVE-2021-38997)

Summary IBM API Connect is impacted by host header injection vulnerability. The fix addresses the host header injection CVE-2021-38997. Vulnerability Details CVEID:CVE-2021-38997 DESCRIPTION: IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOS...

5.4CVSS5.4AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/15 12:18 a.m.113 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2 Vulnerability Details CVEID:CVE-2024-21236 DESCRIPTION: Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. By sending a specially crafted request, a remote authenticated...

8.9CVSS9.7AI score0.91969EPSS
Exploits59Affected Software1
OSV
OSV
added 2023/12/09 3:15 a.m.1 views

CVE-2023-47722

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

5.5CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2023/05/12 2:15 a.m.23 views

Code injection

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...

6.5CVSS8.2AI score0.00513EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/12 1:22 a.m.8 views

CVE-2023-28522 IBM API Connect improper access control

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...

4.3CVSS6.2AI score0.00513EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/23 7:39 p.m.60 views

Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)

Summary IBM API Connect has addressed the following improper access control vulnerability CVE-2023-28522. Vulnerability Details CVEID:CVE-2023-28522 DESCRIPTION: IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. CVSS Base score: 4.3 CVSS...

8.8CVSS6AI score0.00513EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/02/08 8:15 p.m.21 views

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

7.5CVSS6.3AI score0.00645EPSS
Exploits0References2
CVE
CVE
added 2023/02/08 7:12 p.m.61 views

CVE-2022-34350

CVE-2022-34350 – IBM API Connect is affected by an External Service Interaction vulnerability caused by improper validation of user-supplied input. Affected versions: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.20. The issue can induce the application to perform server-side DNS ...

7.5CVSS6.3AI score0.00645EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/08 7:12 p.m.6 views

CVE-2022-34350 IBM API Connect security bypass

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

5.3CVSS6.8AI score0.00645EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 12:30 a.m.31 views

Security Bulletin: IBM API Connect is impacted by an external service interaction vulnerability (CVE-2022-34350)

Summary IBM API Connect has addressed the following external service interaction vulnerability CVE-2022-34350. Vulnerability Details CVEID:CVE-2022-34350 DESCRIPTION: IBM API Connect is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remo...

7.5CVSS6.3AI score0.00645EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/12/12 9:15 a.m.3 views

CVE-2021-38997

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.4CVSS5.7AI score0.00381EPSS
Exploits0References2
Prion
Prion
added 2022/12/12 9:15 a.m.17 views

Cross site scripting

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.5CVSS5.2AI score0.00381EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/01 5:0 p.m.7 views

CVE-2021-38997 IBM API Connect HOST header injection

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.4CVSS6.4AI score0.00381EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 12:42 a.m.74 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)

Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...

7.5CVSS8AI score0.17673EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.5 views

PT-2022-10836 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.19 Description: The issue is caused by improper validation of input by the HOST headers...

5.4CVSS5.5AI score0.00381EPSS
Exploits0References4
Rows per page
Query Builder