780 matches found
CVE-2017-1322
CVE-2017-1322 affects IBM API Connect 5.0.6.0 (and related versions) with an XML External Entity Injection (XXE) when processing XML data. Root cause: XXE vulnerability in XML parsing that can disclose sensitive information and consume memory/resources. Affected versions include 5.0.6.0; CNVD not...
CVE-2017-1328
IBM API Connect 5.0.0.0–5.0.6.2 contains a security bypass vulnerability (CVE-2017-1328) caused by improper handling of security policy, allowing remote attackers to access APIs without valid credentials. The IBM Security Bulletin documents the affected product and versions, the root cause, and t...
CVE-2017-1322
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...
IBM API Connect Security Bypass Vulnerability
IBM API Connect is an API management solution that addresses all key aspects of the API lifecycle in on-premise and cloud environments. A security bypass vulnerability exists in IBM API Connect. An attacker could use this vulnerability to bypass certain security restrictions and perform...
CVE-2017-1379
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...
Information disclosure
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...
CVE-2017-1379
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...
CVE-2017-1379
IBM API Connect 5.0.0.0–5.0.7.1 is affected by CVE-2017-1379, an information disclosure vulnerability caused by improper handling of Developer Portal requests. Remote attacker could obtain sensitive information. IBM’s bulletin lists affected versions and provides remediation via iFixes containing...
CVE-2017-1379
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...
IBM API Connect Information Disclosure Vulnerability
IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. An information disclosure vulnerability exists in IBM API Connect. A remote attacker could exploit this vulnerability to obtain sensitive...
CVE-2017-1161
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...
CVE-2017-1161
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...
Input validation
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...
CVE-2017-1161
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...
CVE-2016-3012
IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...
CVE-2016-3012
IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...
CVE-2016-3012
IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...
Design/Logic Flaw
IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...
CVE-2016-3012
IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...
CVE-2016-3012
IBM API Connect (APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes internal server credentials in the toolkit, which could allow remote attackers to bypass access restrictions by using those credentials. Affected products include IBM API Connect with the specified pre‑fix versions. The vu...