Lucene search
+L

782 matches found

Cvelist
Cvelist
added 2023/02/08 7:12 p.m.25 views

CVE-2022-34350 IBM API Connect security bypass

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to...

5.3CVSS7.5AI score0.00645EPSS
Exploits0References2
CVE
CVE
added 2023/02/08 7:12 p.m.63 views

CVE-2022-34350

CVE-2022-34350 – IBM API Connect is affected by an External Service Interaction vulnerability caused by improper validation of user-supplied input. Affected versions: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.20. The issue can induce the application to perform server-side DNS ...

7.5CVSS6.3AI score0.00645EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.7 views

IBM API Connect 输入验证错误漏洞

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from International Business Machines IBM. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect that stems from...

7.5CVSS6.7AI score0.00645EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 12:30 a.m.31 views

Security Bulletin: IBM API Connect is impacted by an external service interaction vulnerability (CVE-2022-34350)

Summary IBM API Connect has addressed the following external service interaction vulnerability CVE-2022-34350. Vulnerability Details CVEID:CVE-2022-34350 DESCRIPTION: IBM API Connect is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remo...

7.5CVSS6.3AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/16 7:0 p.m.43 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling (CVE-2022-35256)

Summary This issue may affect the management interface for the API Connect Gateway Service. IBM has addressed the CVE. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not...

6.5CVSS7.9AI score0.02587EPSS
Exploits1Affected Software1
NVD
NVD
added 2022/12/12 9:15 a.m.26 views

CVE-2021-38997

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.4CVSS0.00381EPSS
Exploits0References2
OSV
OSV
added 2022/12/12 9:15 a.m.3 views

CVE-2021-38997

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.4CVSS5.7AI score0.00381EPSS
Exploits0References2
Prion
Prion
added 2022/12/12 9:15 a.m.18 views

Cross site scripting

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.5CVSS5.2AI score0.00381EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 8:16 p.m.61 views

Security Bulletin: API Connect is impacted by a vulnerability in OpenSSL (CVE-2022-3602, CVE-2022-3786)

Summary IBM API Connect has addressed the following vulnerability in OpenSSL CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By...

7.5CVSS8.3AI score0.92488EPSS
Exploits6Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/01 5:0 p.m.8 views

CVE-2021-38997 IBM API Connect HOST header injection

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.4CVSS6.4AI score0.00381EPSS
Exploits0References2
CVE
CVE
added 2022/12/01 5:0 p.m.80 views

CVE-2021-38997

IBM API Connect is affected by CVE-2021-38997 through multiple version ranges: 10.0.0.0–10.0.5.0, 10.0.1.0–10.0.1.7, and 2018.4.1.0–2018.4.1.19. The root cause is improper validation of input in the HOST header, leading to HTTP header injection. Reported impacts include cross-site scripting, cach...

5.4CVSS5.3AI score0.00381EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/01 5:0 p.m.27 views

CVE-2021-38997 IBM API Connect HOST header injection

IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

5.4CVSS5.5AI score0.00381EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 12:42 a.m.74 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library (CVE-2022-34169)

Summary IBM API Connect is impacted by a vulnerability in Apache Xalan Java XSLT library. IBM API Connect has addressed the vulnerability in CVE-2022-34169. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrar...

7.5CVSS8AI score0.33623EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.7 views

PT-2022-10836 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.19 Description: The issue is caused by improper validation of input by the HOST headers...

5.4CVSS5.5AI score0.00381EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 10:13 p.m.67 views

Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)

Summary A vulnerable version of JQuery-UI was used by API Connect. The fix includes updated JQuery-UI which addresses CVE-2021-41184, CVE-2021-41183, and CVE-2021-41182. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...

6.5CVSS6.4AI score0.44515EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 10:10 p.m.62 views

Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)

Summary A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.9CVSS6.7AI score0.99019EPSS
Exploits19Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/23 12:0 a.m.3 views

PT-2022-6311 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.20 Description: The issue is caused by improper validation of user-supplied input,...

7.5CVSS7.4AI score0.00645EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/05 4:59 p.m.40 views

Security Bulletin: API Connect V10 is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)

Summary IBM API Connect V10 is vulnerable to a remote code execution in Spring Framework CVE-2022-22965 as it meets all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast to a Spring Boot executable jar, 4. Spring-webmvc or...

9.8CVSS0.7AI score0.99677EPSS
Exploits103Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/19 12:6 a.m.96 views

Security Bulletin: API Connect is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832)

Summary Apache Log4j is used by API Connect as part of its logging and analytics infrastructure. The fix includes Apache Log4j 2.17.1 which addresses CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial ...

10CVSS1.2AI score0.99999EPSS
Exploits361Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 10:21 p.m.21 views

Security Bulletin: IBM API Connect V5 is impacted by multiple vulnerabilities in Java SE (CVE-2020-14782)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact,...

4.3CVSS4.6AI score0.02272EPSS
Exploits0Affected Software1
Rows per page
Query Builder