15 matches found
EUVD-2021-1040
Malware in sbrugna...
CVE-2020-7633
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...
GHSA-C9M9-48PW-6MPV apiconnect-cli-plugins vulnerable to OS Command Injection
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. PoC: `var root = require("apiconnect-cli-plugins"); var payload = "& touch Song &"; root.pluginLoader.installPlugin(payload, "");` The injection point is...
apiconnect-cli-plugins vulnerable to OS Command Injection
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. PoC: `var root = require("apiconnect-cli-plugins"); var payload = "& touch Song &"; root.pluginLoader.installPlugin(payload, "");` The injection point is...
apiconnect (>=1.0.1 <=4.0.29), apiconnect-cli-test-support (=3.0.0) +3 more potentially affected by CVE-2020-7633 via apiconnect-cli-plugins (>=1.1.1 <=5.0.1)
apiconnect-cli-plugins NPM version =1.1.1, =1.0.1, =1.1.6, =2.8.29, =1.0.5, =2.2.11 Source cves: CVE-2020-7633 Source advisory: OSV:GHSA-C9M9-48PW-6MPV...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000226 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000226 Source advisory: OSV:GHSA-7F59-X49P-V8MQ...
OS Command Injection
apiconnect-cli-plugins is vulnerable to OS command injection. The vulnerability exists because the value of pluginUri is not sanitized and can be controlled by users...
CVE-2020-7633
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...
CVE-2020-7633
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...
Command injection
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...
CVE-2020-7633
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument...
CVE-2020-7633
CVE-2020-7633 affects the IBM API Connect plugin package apiconnect-cli-plugins up to version 6.0.1. The vulnerability is a Command Injection caused by lack of sanitization of the pluginUri parameter, enabling execution of arbitrary commands. Public references provide a PoC showing how an attacke...
apic-apiconnect (>=1.1.0 <=1.1.1), apic-discount (=1.0.0) +7 more potentially affected by CVE-2020-7633 via apiconnect-cli-plugins (>=1.1.1 <=8.0.1)
apiconnect-cli-plugins NPM version =1.1.1, =1.1.0, =1.0.1, =1.1.6, =1.0.0, =2.8.29, =1.0.5, =2.2.11 Source cves: CVE-2020-7633 Source advisory: SNYK:JS-APICONNECTCLIPLUGINS-564427...
Security Bulletin: API Connect is affected by a cross-site scripting vulnerability CVE-2018-1382
Summary API Connect has addressed the following vulnerability. IBM API Connect is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality, potentially leading to credentials disclosure within a...
CVE-2016-3012
IBM API Connect (APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes internal server credentials in the toolkit, which could allow remote attackers to bypass access restrictions by using those credentials. Affected products include IBM API Connect with the specified pre‑fix versions. The vu...