Api Connect Security Vulnerabilities and Issues — Page 2 of Api Connect CVE List

Lucene search

IbmApi Connect

78 matches found

CVE•added 2019/02/07 4:0 p.m.•38 views

CVE-2019-4008

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

9.8CVSS8.8AI score0.00486EPSS

CVE•added 2017/04/17 9:59 p.m.•37 views

CVE-2017-1161

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privilege...

7.5CVSS7.4AI score0.00375EPSS

CVE•added 2018/02/07 5:29 p.m.•37 views

CVE-2018-1382

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.

5.4CVSS5.2AI score0.00198EPSS

CVE•added 2018/07/31 1:29 p.m.•37 views

CVE-2018-1638

IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.

8.1CVSS7.9AI score0.00205EPSS

CVE•added 2019/01/29 4:29 p.m.•37 views

CVE-2018-1976

IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.

4.9CVSS4.6AI score0.00261EPSS

CVE•added 2021/02/04 5:15 p.m.•37 views

CVE-2020-4640

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use...

4.1CVSS4AI score0.00076EPSS

CVE•added 2021/02/04 5:15 p.m.•37 views

CVE-2020-4827

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.

4.3CVSS4.7AI score0.0009EPSS

CVE•added 2021/08/26 8:15 p.m.•37 views

CVE-2021-29772

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

9.8CVSS8.9AI score0.0025EPSS

CVE•added 2018/04/30 2:29 p.m.•36 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

6.5CVSS6.3AI score0.00226EPSS

CVE•added 2018/05/31 9:29 p.m.•36 views

CVE-2018-1532

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2019/01/04 3:29 p.m.•36 views

CVE-2018-1859

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.

6.5CVSS4.6AI score0.00201EPSS

CVE•added 2019/12/16 4:15 p.m.•36 views

CVE-2019-4444

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.

5.5CVSS5.3AI score0.00101EPSS

CVE•added 2020/05/12 2:15 p.m.•36 views

CVE-2020-4346

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.

5.3CVSS5AI score0.00174EPSS

CVE•added 2020/09/03 2:15 p.m.•36 views

CVE-2020-4638

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.

7.2CVSS6.9AI score0.00522EPSS

CVE•added 2021/02/04 5:15 p.m.•36 views

CVE-2020-4828

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.

6.5CVSS6.3AI score0.00158EPSS

CVE•added 2019/05/02 4:29 p.m.•34 views

CVE-2018-2015

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against ...

6.4CVSS6.1AI score0.00201EPSS

CVE•added 2019/04/08 3:29 p.m.•34 views

CVE-2019-4051

Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.

5.3CVSS4.9AI score0.00202EPSS

CVE•added 2020/03/24 4:15 p.m.•34 views

CVE-2019-4553

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.

7.5CVSS7.2AI score0.00146EPSS

CVE•added 2020/06/12 1:15 p.m.•33 views

CVE-2020-4251

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.

5.4CVSS5.2AI score0.00179EPSS

CVE•added 2020/09/03 2:15 p.m.•33 views

CVE-2020-4337

IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.

6.5CVSS6.2AI score0.00192EPSS

CVE•added 2021/01/05 3:15 p.m.•33 views

CVE-2020-4899

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

9.1CVSS8.8AI score0.00109EPSS

CVE•added 2018/04/04 6:29 p.m.•32 views

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.

10CVSS9.1AI score0.00466EPSS

CVE•added 2019/08/20 7:15 p.m.•32 views

CVE-2019-4460

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.

7.5CVSS7.2AI score0.00375EPSS

CVE•added 2020/05/12 2:15 p.m.•32 views

CVE-2020-4195

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...

5.4CVSS5.4AI score0.00086EPSS

CVE•added 2021/03/08 6:15 p.m.•32 views

CVE-2020-4695

IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.

7.5CVSS7.3AI score0.00096EPSS

CVE•added 2021/01/12 3:15 p.m.•32 views

CVE-2020-4838

IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 19...

6.4CVSS5.1AI score0.00092EPSS

CVE•added 2021/03/08 6:15 p.m.•32 views

CVE-2020-4903

IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.

6.5CVSS6.2AI score0.00136EPSS

CVE•added 2018/04/30 2:29 p.m.•29 views

CVE-2018-1430

IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226.

5.4CVSS5.2AI score0.00237EPSS

Total number of security vulnerabilities78