81 matches found
CVE-2018-1548
CVE-2018-1548 affects IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4, causing information disclosure to an authenticated user. The connected documents confirm the vulnerable product and versions, and state that the vulnerability could allow access to sensitive information....
CVE-2018-1874
CVE-2018-1874 affects IBM API Connect versions 5.0.0.0–5.0.8.5 and could display highly sensitive information to an attacker with physical access, due to an information-disclosure path exposed by insecure caching. The vulnerability is documented with a CVSS v3 base score of 4.6 (MEDIUM) and a CVS...
CVE-2019-4008
CVE-2019-4008 affects IBM API Connect V2018.1–2018.4.1.1. The issue is an access token leak where authorization tokens in some URLs could be written to log files, enabling disclosure of credentials. Affected product: IBM API Connect (API Management) 2018.x. Root cause: tokens exposed via logging ...
CVE-2020-4640
IBM API Connect is affected by CVE-2020-4640 for configurations of IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13, which can leak sensitive data in URL fragment identifiers cached by intermediaries. The IBM security bulletin lists affected versions and that remediation is available:...
CVE-2020-4825
Summary. CVE-2020-4825 is an IBM API Connect cross-site scripting flaw affecting IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13. The underlying issue is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript in a trusted session...
CVE-2020-4828
IBM API Connect CVE-2020-4828 affects IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13, vulnerable to web cache poisoning due to improper input validation when HTTP request headers are modified. Root cause: input validation weakness in header handling. Impact: web cache poisoning pote...
CVE-2018-1389
CVE-2018-1389 affects IBM API Connect 5.0.0.0–5.0.8.2. The root cause is a vulnerability in generated LoopBack APIs for a Model using BelongsTo/HasMany relationships, allowing unauthorized modification of information. Public records note CVSS v3.0 base score 6.5 (I/H) and CVSS v2.0 base score 4.0...
CVE-2018-1638
The vulnerability CVE-2018-1638 affects IBM API Connect (Developer Portal) versions 5.0.0.0–5.0.8.3, where two-factor authentication (TFA) is not enforced when resetting a user password, while it is enforced for other login scenarios. This bypass could allow an attacker to gain full access if the...
CVE-2018-1859
CVE-2018-1859 affects IBM API Connect 5.0.0.0–5.0.8.4, where a user authenticated as an administrator with limited rights can escalate privileges. The IBM bulletin confirms the affected product versions and provides remediation: upgrade to IBM API Connect V5.0.8.5 fixpack (remediation package API...
CVE-2021-29772
IBM API Connect CVE-2021-29772 affects 5.0.0.0–5.0.8.11 and is due to unsanitized user input allowing code injection. The IBM advisory lists a fix in 5.0.8.12 (remediation). Affected component/stack is API Connect; network-exposed attack vector with low attacker complexity in some sources. No exp...
CVE-2017-1161
IBM API Connect Developer Portal (5.0.x) is affected by CVE-2017-1161 due to improper validation of URLs, enabling unauthenticated remote code execution with the privileges of the www-data user when a malicious URL is crafted. Affected product: IBM API Connect 5.0.6.0. Impact: remote command exec...
CVE-2018-1532
IBM API Connect versions 5.0.0.0–5.0.8.2 do not properly update the SESSIONID with each request, enabling an attacker to obtain the session ID and leverage it in further attacks. The vulnerability affects IBM API Connect (Management Server) and is documented with CVE-2018-1532. IBM’s security bul...
CVE-2018-1976
IBM. API Connect 5.0.0.0–5.0.8.4 is affected by a REST API–driven information disclosure that could allow a user with administrative privileges to obtain highly sensitive data. The root cause is described as a sensitive information disclosure via a REST API. The issue is addressed in IBM API Conn...
CVE-2018-2015
IBM API Connect 2018.1–2018.4.1.4 is affected by a clickjacking (UI redress) vulnerability that could allow a remote attacker to hijack the victim’s clicking actions by luring them to a malicious site. The issue is identified as CVE-2018-2015. A fix is available: IBM API Connect v2018.4.1.5 fixpa...
CVE-2020-4638
CVE-2020-4638 affects IBM API Connect’s API Manager (versions 2018.4.1.0–2018.4.1.12). A privilege-escalation flaw allows an invitee to an API Provider organization to gain higher privileges by manipulating the invitation link. The IBM bulletin notes remediation: address in IBM API Connect V2018....
CVE-2020-4695
IBM API Connect V10.0.1.0 is affected by insecure communications during database replication, allowing an attacker to view unencrypted data and causing confidentiality loss. The CVE-2020-4695 entry is supported by IBM and CNVD/NVD references, which describe the vulnerability as stemming from unse...
CVE-2020-4827
CVE-2020-4827 affects IBM API Connect: vulnerable in IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13 to CSRF, enabling malicious actions transmitted from a trusted user. The CVSS base score is 4.3 (MEDIUM). Remediation is to upgrade to IBM API Connect 2018.4.1.15 or 10.0.1.1 (per the...
CVE-2019-4444
IBM API Connect CVE-2019-4444 affects Developer Portal on versions 2018.1–2018.4.1.7, where the user registration page does not disable password autocomplete. The vulnerability enables a local attacker with access to the browser and local system credentials to steal registration passwords. Remedi...
CVE-2020-4251
IBM API Connect versions 5.0.0.0–5.0.8.8 are vulnerable to cross-site scripting in the Web UI, allowing an attacker to inject arbitrary JavaScript that could lead to credentials disclosure in a trusted session. The root cause is XSS in the Web UI. Remediation: the vulnerability was addressed in I...
CVE-2020-4903
IBM API Connect contains an information-disclosure/impersonation vulnerability (CVE-2020-4903) affecting API Connect V10.0.1.1 and V2018.4.1.0–2018.4.1.13. The root issue is a vulnerability in the registration invitation flow allowing interception of the link to impersonate a user or access sensi...
CVE-2018-1469
IBM API Connect Developer Portal in versions 5.0.0.0–5.0.8.2 is affected by a vulnerability that could allow an unauthenticated attacker to execute system commands via specially crafted HTTP requests. The CVE entry for CVE-2018-1469 is supported by multiple sources (NVD/NVD-derived pages and rela...
CVE-2019-4051
CVE-2019-4051 affects IBM API Connect 2018.1–2018.4.1.3, where certain URIs disclose system-specification details such as machine id, system UUID, filesystem paths, network interface names and MAC addresses. This information disclosure could enable targeted attacks. The IBM bulletin confirms reme...
CVE-2019-4460
The vulnerability CVE-2019-4460 affects IBM API Connect up to version 5.0.8.6, where the developer portal could be exploited to traverse directories by sending URL requests containing dot-dot sequences (../) to view arbitrary files. Root cause is a path traversal flaw in the portal component, exp...
CVE-2020-4337
CVE-2020-4337 affects IBM API Connect 2018.4.1.0–2018.4.1.12, where an attacker could trigger the server to send user registration emails containing malicious URLs, enabling phishing. The IBM advisory (Vulnerability Details) confirms the affected product versions and impact, with a CVSS v3 base s...
CVE-2020-4899
CVE-2020-4899 affects IBM API Connect 5.0.0.0 through 5.0.8.10, where plain text transmission of sensitive information over the network can leak data and potentially cause data corruption. The IBM bulletin lists affected versions and notes that remediation is provided in IBM API Connect V5.0.8.10...
CVE-2020-4838
IBM API Connect 5.0.0.0–5.0.8.10 is vulnerable to stored cross-site scripting in the Developer Portal/Web UI, allowing arbitrary JavaScript in a trusted session and potentially exposing credentials. Affected versions: 5.0.0.0–5.0.8.10. Remediation: fix in 5.0.8.10 iFix released 2020-12-18. No exp...
CVE-2018-1430
IBM API Connect is affected by a cross-site scripting vulnerability (CVE-2018-1430) in the Web UI for versions 5.0.0.0–5.0.8.2. The issue lets an attacker embed arbitrary JavaScript, potentially altering UI behavior and leading to credentials disclosure within a trusted session. The CVSS v3 base ...
CVE-2020-4195
CVE-2020-4195 affects IBM API Connect: API Connect V2018.4.1.0–2018.4.1.10 vulnerable to clickjacking via a malicious website, enabling a remote actor to hijack the user’s click actions. The IBM security bulletin confirms remediation in V2018.4.1.11 (addressed) and provides the upgrade path (2018...
CVE-2025-13915
IBM API Connect is affected by CVE-2025-13915, a remote authentication bypass in versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The issue allows an unauthenticated attacker to bypass authentication and gain unauthorized access to the application. IBM’s security bulletin recommends upgrading to version...
CVE-2026-9074
IBM API Connect is affected by an unauthenticated SQL injection in the password reset flow for versions 10.0.8.0–10.0.8.9 and 12.1.0.0–12.1.0.3. The issue is a server-side SQL injection vulnerability that can be exploited without authentication, with network access required and no user interactio...
CVE-2026-3144
CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The issue is the use of default credentials, which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. Exploitation details or a remediation/fix are not provided in ...