780 matches found
CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...
CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...
Design/Logic Flaw
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...
CVE-2023-47722 IBM API Connect information disclosure
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...
CVE-2023-47722
IBM API Connect vulnerability CVE-2023-47722 affects API Connect versions 10.0.5.3 and 10.0.6.0, where user credentials are stored in the browser cache and can be read by a local user. The issue is described in IBM security advisories and Red Hat/NVD entries, with a base CVSS v3.1 score of 5.5–6....
Security Bulletin: API Connect V10 is vulnerable to credential exposure
Summary IBM API Connect V10 stores user credentials in browser cache which can be read by a local user CVE-2023-47722 Vulnerability Details CVEID:CVE-2023-47722 DESCRIPTION: IBM API Connect V10 stores user credentials in browser cache which can be read by a local user. CVSS Base score: 6.2 CVSS...
Security Bulletin: IBM API Connect is vulnerable to OpenSSL vulnerabilities (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)
Summary IBM API Connect has addressed the following information disclosure and denial of service vulnerabilities in OpenSSL CVE-2022-4304, CVE-2023-0215, and CVE-2023-0286. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information...
CVE-2023-28522
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...
Code injection
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...
CVE-2023-28522 IBM API Connect improper access control
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...
CVE-2023-28522 IBM API Connect improper access control
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...
CVE-2023-28522
CVE-2023-28522 affects IBM API Connect V10 and is an improper access control vulnerability that could allow an authenticated user to perform actions they should not have access to. The IBM Security Bulletin (and related entries) confirm the issue in API Connect V10.x and provide remediation paths...
IBM API Connect 安全漏洞
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from International Business Machines IBM. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version V10 that...
Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)
Summary IBM API Connect has addressed the following improper access control vulnerability CVE-2023-28522. Vulnerability Details CVEID:CVE-2023-28522 DESCRIPTION: IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. CVSS Base score: 4.3 CVSS...
Unspecified Vulnerability in IBM API Connect (CNVD-2023-09609)
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from International Business Machines IBM. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect that stems from...
CVE-2022-34350
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
Input validation
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
CVE-2022-34350
CVE-2022-34350 – IBM API Connect is affected by an External Service Interaction vulnerability caused by improper validation of user-supplied input. Affected versions: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.20. The issue can induce the application to perform server-side DNS ...
CVE-2022-34350 IBM API Connect security bypass
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...
CVE-2022-34350 IBM API Connect security bypass
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...