Lucene search
K

780 matches found

NVD
NVD
added 2023/12/09 3:15 a.m.20 views

CVE-2023-47722

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

6.2CVSS0.00237EPSS
Exploits0References2
OSV
OSV
added 2023/12/09 3:15 a.m.2 views

CVE-2023-47722

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

5.5CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2023/12/09 3:15 a.m.18 views

Design/Logic Flaw

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

1.7CVSS6.2AI score0.00237EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/09 2:32 a.m.25 views

CVE-2023-47722 IBM API Connect information disclosure

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912...

6.2CVSS6AI score0.00237EPSS
Exploits0References2
CVE
CVE
added 2023/12/09 2:32 a.m.52 views

CVE-2023-47722

IBM API Connect vulnerability CVE-2023-47722 affects API Connect versions 10.0.5.3 and 10.0.6.0, where user credentials are stored in the browser cache and can be read by a local user. The issue is described in IBM security advisories and Red Hat/NVD entries, with a base CVSS v3.1 score of 5.5–6....

6.2CVSS5.3AI score0.00237EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/04 9:40 p.m.25 views

Security Bulletin: API Connect V10 is vulnerable to credential exposure

Summary IBM API Connect V10 stores user credentials in browser cache which can be read by a local user CVE-2023-47722 Vulnerability Details CVEID:CVE-2023-47722 DESCRIPTION: IBM API Connect V10 stores user credentials in browser cache which can be read by a local user. CVSS Base score: 6.2 CVSS...

6.2CVSS5.3AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/30 7:56 p.m.50 views

Security Bulletin: IBM API Connect is vulnerable to OpenSSL vulnerabilities (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)

Summary IBM API Connect has addressed the following information disclosure and denial of service vulnerabilities in OpenSSL CVE-2022-4304, CVE-2023-0215, and CVE-2023-0286. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information...

7.5CVSS7.9AI score0.59501EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/05/12 2:15 a.m.25 views

CVE-2023-28522

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...

8.8CVSS6.1AI score0.00513EPSS
Exploits0References2
Prion
Prion
added 2023/05/12 2:15 a.m.23 views

Code injection

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...

6.5CVSS8.2AI score0.00513EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/12 1:22 a.m.23 views

CVE-2023-28522 IBM API Connect improper access control

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...

4.3CVSS8.3AI score0.00513EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/12 1:22 a.m.8 views

CVE-2023-28522 IBM API Connect improper access control

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585...

4.3CVSS6.2AI score0.00513EPSS
Exploits0References2
CVE
CVE
added 2023/05/12 1:22 a.m.68 views

CVE-2023-28522

CVE-2023-28522 affects IBM API Connect V10 and is an improper access control vulnerability that could allow an authenticated user to perform actions they should not have access to. The IBM Security Bulletin (and related entries) confirm the issue in API Connect V10.x and provide remediation paths...

8.8CVSS6.1AI score0.00513EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.4 views

IBM API Connect 安全漏洞

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from International Business Machines IBM. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect version V10 that...

8.8CVSS8.4AI score0.00513EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/23 7:39 p.m.60 views

Security Bulletin: IBM API Connect is impacted by an improper access control vulnerability (CVE-2023-28522)

Summary IBM API Connect has addressed the following improper access control vulnerability CVE-2023-28522. Vulnerability Details CVEID:CVE-2023-28522 DESCRIPTION: IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. CVSS Base score: 4.3 CVSS...

8.8CVSS6AI score0.00513EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2023/02/09 12:0 a.m.25 views

Unspecified Vulnerability in IBM API Connect (CNVD-2023-09609)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from International Business Machines IBM. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect that stems from...

7.5CVSS7.5AI score0.00645EPSS
Exploits0References1
NVD
NVD
added 2023/02/08 8:15 p.m.21 views

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

7.5CVSS6.3AI score0.00645EPSS
Exploits0References2
Prion
Prion
added 2023/02/08 8:15 p.m.23 views

Input validation

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

5CVSS7.4AI score0.00645EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/08 7:12 p.m.61 views

CVE-2022-34350

CVE-2022-34350 – IBM API Connect is affected by an External Service Interaction vulnerability caused by improper validation of user-supplied input. Affected versions: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.20. The issue can induce the application to perform server-side DNS ...

7.5CVSS6.3AI score0.00645EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/08 7:12 p.m.6 views

CVE-2022-34350 IBM API Connect security bypass

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

5.3CVSS6.8AI score0.00645EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/08 7:12 p.m.23 views

CVE-2022-34350 IBM API Connect security bypass

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

5.3CVSS7.5AI score0.00645EPSS
Exploits0References2
Rows per page
Query Builder