Lucene search
K

780 matches found

CVE
CVE
added 2017/06/27 4:0 p.m.51 views

CVE-2017-1322

CVE-2017-1322 affects IBM API Connect 5.0.6.0 (and related versions) with an XML External Entity Injection (XXE) when processing XML data. Root cause: XXE vulnerability in XML parsing that can disclose sensitive information and consume memory/resources. Affected versions include 5.0.6.0; CNVD not...

8.2CVSS7.9AI score0.02336EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/06/27 4:0 p.m.50 views

CVE-2017-1328

IBM API Connect 5.0.0.0–5.0.6.2 contains a security bypass vulnerability (CVE-2017-1328) caused by improper handling of security policy, allowing remote attackers to access APIs without valid credentials. The IBM Security Bulletin documents the affected product and versions, the root cause, and t...

5.3CVSS5.2AI score0.01741EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/06/27 4:0 p.m.25 views

CVE-2017-1322

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...

8AI score0.02336EPSS
Exploits0References3
CNVD
CNVD
added 2017/06/27 12:0 a.m.5 views

IBM API Connect Security Bypass Vulnerability

IBM API Connect is an API management solution that addresses all key aspects of the API lifecycle in on-premise and cloud environments. A security bypass vulnerability exists in IBM API Connect. An attacker could use this vulnerability to bypass certain security restrictions and perform...

5.3CVSS6.7AI score0.01741EPSS
Exploits0References1
NVD
NVD
added 2017/06/15 1:29 p.m.17 views

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

7.5CVSS7.2AI score0.02031EPSS
Exploits0References3
Prion
Prion
added 2017/06/15 1:29 p.m.16 views

Information disclosure

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

5CVSS7.1AI score0.02031EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/06/15 1:29 p.m.5 views

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

7.5CVSS5.8AI score0.02031EPSS
Exploits0References3
CVE
CVE
added 2017/06/15 1:0 p.m.54 views

CVE-2017-1379

IBM API Connect 5.0.0.0–5.0.7.1 is affected by CVE-2017-1379, an information disclosure vulnerability caused by improper handling of Developer Portal requests. Remote attacker could obtain sensitive information. IBM’s bulletin lists affected versions and provides remediation via iFixes containing...

7.5CVSS7.2AI score0.02031EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/06/15 1:0 p.m.22 views

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002...

7.2AI score0.02031EPSS
Exploits0References3
CNVD
CNVD
added 2017/06/15 12:0 a.m.5 views

IBM API Connect Information Disclosure Vulnerability

IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. An information disclosure vulnerability exists in IBM API Connect. A remote attacker could exploit this vulnerability to obtain sensitive...

7.5CVSS6.3AI score0.02031EPSS
Exploits0References1
OSV
OSV
added 2017/04/17 9:59 p.m.4 views

CVE-2017-1161

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...

7.3CVSS6.1AI score0.01495EPSS
Exploits0References2
NVD
NVD
added 2017/04/17 9:59 p.m.21 views

CVE-2017-1161

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...

7.5CVSS7.5AI score0.01495EPSS
Exploits0References2
Prion
Prion
added 2017/04/17 9:59 p.m.18 views

Input validation

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...

7.5CVSS7.4AI score0.01495EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/04/17 9:0 p.m.23 views

CVE-2017-1161

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the...

7.5AI score0.01495EPSS
Exploits0References2
NVD
NVD
added 2016/12/01 11:59 a.m.23 views

CVE-2016-3012

IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

7.5CVSS6.9AI score0.01673EPSS
Exploits0References2
OSV
OSV
added 2016/12/01 11:59 a.m.4 views

CVE-2016-3012

IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

7.5CVSS5.9AI score0.01673EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2016/12/01 11:59 a.m.5 views

CVE-2016-3012

IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

7.5CVSS5.6AI score0.01673EPSS
Exploits0References3
Prion
Prion
added 2016/12/01 11:59 a.m.18 views

Design/Logic Flaw

IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

5CVSS7AI score0.01673EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2016/12/01 11:0 a.m.26 views

CVE-2016-3012

IBM API Connect aka APIConnect before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials...

7.1AI score0.01673EPSS
Exploits0References2
CVE
CVE
added 2016/12/01 11:0 a.m.54 views

CVE-2016-3012

IBM API Connect (APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes internal server credentials in the toolkit, which could allow remote attackers to bypass access restrictions by using those credentials. Affected products include IBM API Connect with the specified pre‑fix versions. The vu...

7.5CVSS7.4AI score0.01673EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder