Lucene search
K
IbmApi Connect

81 matches found

CVE
CVE
added 2018/07/09 1:0 p.m.50 views

CVE-2018-1548

CVE-2018-1548 affects IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4, causing information disclosure to an authenticated user. The connected documents confirm the vulnerable product and versions, and state that the vulnerability could allow access to sensitive information....

4.3CVSS4.2AI score0.01316EPSS
CVE
CVE
added 2019/04/02 1:20 p.m.50 views

CVE-2018-1874

CVE-2018-1874 affects IBM API Connect versions 5.0.0.0–5.0.8.5 and could display highly sensitive information to an attacker with physical access, due to an information-disclosure path exposed by insecure caching. The vulnerability is documented with a CVSS v3 base score of 4.6 (MEDIUM) and a CVS...

4.6CVSS4.2AI score0.00436EPSS
CVE
CVE
added 2019/02/07 4:0 p.m.50 views

CVE-2019-4008

CVE-2019-4008 affects IBM API Connect V2018.1–2018.4.1.1. The issue is an access token leak where authorization tokens in some URLs could be written to log files, enabling disclosure of credentials. Affected product: IBM API Connect (API Management) 2018.x. Root cause: tokens exposed via logging ...

9.8CVSS8.8AI score0.02272EPSS
CVE
CVE
added 2021/02/04 4:55 p.m.50 views

CVE-2020-4640

IBM API Connect is affected by CVE-2020-4640 for configurations of IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13, which can leak sensitive data in URL fragment identifiers cached by intermediaries. The IBM security bulletin lists affected versions and that remediation is available:...

4.1CVSS4AI score0.00348EPSS
CVE
CVE
added 2021/02/04 4:55 p.m.50 views

CVE-2020-4825

Summary. CVE-2020-4825 is an IBM API Connect cross-site scripting flaw affecting IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13. The underlying issue is a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript in a trusted session...

5.4CVSS5.2AI score0.00665EPSS
CVE
CVE
added 2021/02/04 4:55 p.m.50 views

CVE-2020-4828

IBM API Connect CVE-2020-4828 affects IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13, vulnerable to web cache poisoning due to improper input validation when HTTP request headers are modified. Root cause: input validation weakness in header handling. Impact: web cache poisoning pote...

6.5CVSS6.3AI score0.00812EPSS
CVE
CVE
added 2018/04/30 2:0 p.m.49 views

CVE-2018-1389

CVE-2018-1389 affects IBM API Connect 5.0.0.0–5.0.8.2. The root cause is a vulnerability in generated LoopBack APIs for a Model using BelongsTo/HasMany relationships, allowing unauthorized modification of information. Public records note CVSS v3.0 base score 6.5 (I/H) and CVSS v2.0 base score 4.0...

6.5CVSS6.3AI score0.01507EPSS
CVE
CVE
added 2018/07/31 1:0 p.m.49 views

CVE-2018-1638

The vulnerability CVE-2018-1638 affects IBM API Connect (Developer Portal) versions 5.0.0.0–5.0.8.3, where two-factor authentication (TFA) is not enforced when resetting a user password, while it is enforced for other login scenarios. This bypass could allow an attacker to gain full access if the...

8.1CVSS7.9AI score0.01813EPSS
CVE
CVE
added 2019/01/04 3:0 p.m.49 views

CVE-2018-1859

CVE-2018-1859 affects IBM API Connect 5.0.0.0–5.0.8.4, where a user authenticated as an administrator with limited rights can escalate privileges. The IBM bulletin confirms the affected product versions and provides remediation: upgrade to IBM API Connect V5.0.8.5 fixpack (remediation package API...

6.5CVSS4.6AI score0.01036EPSS
CVE
CVE
added 2021/08/26 7:25 p.m.49 views

CVE-2021-29772

IBM API Connect CVE-2021-29772 affects 5.0.0.0–5.0.8.11 and is due to unsanitized user input allowing code injection. The IBM advisory lists a fix in 5.0.8.12 (remediation). Affected component/stack is API Connect; network-exposed attack vector with low attacker complexity in some sources. No exp...

9.8CVSS8.9AI score0.00922EPSS
CVE
CVE
added 2017/04/17 9:0 p.m.48 views

CVE-2017-1161

IBM API Connect Developer Portal (5.0.x) is affected by CVE-2017-1161 due to improper validation of URLs, enabling unauthenticated remote code execution with the privileges of the www-data user when a malicious URL is crafted. Affected product: IBM API Connect 5.0.6.0. Impact: remote command exec...

7.5CVSS7.4AI score0.01495EPSS
CVE
CVE
added 2018/05/31 9:0 p.m.48 views

CVE-2018-1532

IBM API Connect versions 5.0.0.0–5.0.8.2 do not properly update the SESSIONID with each request, enabling an attacker to obtain the session ID and leverage it in further attacks. The vulnerability affects IBM API Connect (Management Server) and is documented with CVE-2018-1532. IBM’s security bul...

4.3CVSS4.3AI score0.00976EPSS
CVE
CVE
added 2019/01/29 4:0 p.m.48 views

CVE-2018-1976

IBM. API Connect 5.0.0.0–5.0.8.4 is affected by a REST API–driven information disclosure that could allow a user with administrative privileges to obtain highly sensitive data. The root cause is described as a sensitive information disclosure via a REST API. The issue is addressed in IBM API Conn...

4.9CVSS4.6AI score0.01665EPSS
CVE
CVE
added 2019/05/02 4:0 p.m.47 views

CVE-2018-2015

IBM API Connect 2018.1–2018.4.1.4 is affected by a clickjacking (UI redress) vulnerability that could allow a remote attacker to hijack the victim’s clicking actions by luring them to a malicious site. The issue is identified as CVE-2018-2015. A fix is available: IBM API Connect v2018.4.1.5 fixpa...

6.4CVSS6.1AI score0.01595EPSS
CVE
CVE
added 2020/09/03 1:55 p.m.47 views

CVE-2020-4638

CVE-2020-4638 affects IBM API Connect’s API Manager (versions 2018.4.1.0–2018.4.1.12). A privilege-escalation flaw allows an invitee to an API Provider organization to gain higher privileges by manipulating the invitation link. The IBM bulletin notes remediation: address in IBM API Connect V2018....

7.2CVSS6.9AI score0.01715EPSS
CVE
CVE
added 2021/03/08 6:0 p.m.47 views

CVE-2020-4695

IBM API Connect V10.0.1.0 is affected by insecure communications during database replication, allowing an attacker to view unencrypted data and causing confidentiality loss. The CVE-2020-4695 entry is supported by IBM and CNVD/NVD references, which describe the vulnerability as stemming from unse...

7.5CVSS7.3AI score0.00773EPSS
CVE
CVE
added 2021/02/04 4:55 p.m.47 views

CVE-2020-4827

CVE-2020-4827 affects IBM API Connect: vulnerable in IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13 to CSRF, enabling malicious actions transmitted from a trusted user. The CVSS base score is 4.3 (MEDIUM). Remediation is to upgrade to IBM API Connect 2018.4.1.15 or 10.0.1.1 (per the...

4.3CVSS4.7AI score0.00398EPSS
CVE
CVE
added 2019/12/16 3:45 p.m.46 views

CVE-2019-4444

IBM API Connect CVE-2019-4444 affects Developer Portal on versions 2018.1–2018.4.1.7, where the user registration page does not disable password autocomplete. The vulnerability enables a local attacker with access to the browser and local system credentials to steal registration passwords. Remedi...

5.5CVSS5.3AI score0.00303EPSS
CVE
CVE
added 2020/06/12 1:10 p.m.46 views

CVE-2020-4251

IBM API Connect versions 5.0.0.0–5.0.8.8 are vulnerable to cross-site scripting in the Web UI, allowing an attacker to inject arbitrary JavaScript that could lead to credentials disclosure in a trusted session. The root cause is XSS in the Web UI. Remediation: the vulnerability was addressed in I...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2021/03/08 6:0 p.m.46 views

CVE-2020-4903

IBM API Connect contains an information-disclosure/impersonation vulnerability (CVE-2020-4903) affecting API Connect V10.0.1.1 and V2018.4.1.0–2018.4.1.13. The root issue is a vulnerability in the registration invitation flow allowing interception of the link to impersonate a user or access sensi...

6.5CVSS6.2AI score0.00747EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.45 views

CVE-2018-1469

IBM API Connect Developer Portal in versions 5.0.0.0–5.0.8.2 is affected by a vulnerability that could allow an unauthenticated attacker to execute system commands via specially crafted HTTP requests. The CVE entry for CVE-2018-1469 is supported by multiple sources (NVD/NVD-derived pages and rela...

10CVSS9.1AI score0.02788EPSS
CVE
CVE
added 2019/04/08 2:50 p.m.45 views

CVE-2019-4051

CVE-2019-4051 affects IBM API Connect 2018.1–2018.4.1.3, where certain URIs disclose system-specification details such as machine id, system UUID, filesystem paths, network interface names and MAC addresses. This information disclosure could enable targeted attacks. The IBM bulletin confirms reme...

5.3CVSS4.9AI score0.01704EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.45 views

CVE-2019-4460

The vulnerability CVE-2019-4460 affects IBM API Connect up to version 5.0.8.6, where the developer portal could be exploited to traverse directories by sending URL requests containing dot-dot sequences (../) to view arbitrary files. Root cause is a path traversal flaw in the portal component, exp...

7.5CVSS7.2AI score0.02569EPSS
CVE
CVE
added 2020/09/03 1:55 p.m.45 views

CVE-2020-4337

CVE-2020-4337 affects IBM API Connect 2018.4.1.0–2018.4.1.12, where an attacker could trigger the server to send user registration emails containing malicious URLs, enabling phishing. The IBM advisory (Vulnerability Details) confirms the affected product versions and impact, with a CVSS v3 base s...

6.5CVSS6.2AI score0.01051EPSS
CVE
CVE
added 2021/01/05 3:10 p.m.44 views

CVE-2020-4899

CVE-2020-4899 affects IBM API Connect 5.0.0.0 through 5.0.8.10, where plain text transmission of sensitive information over the network can leak data and potentially cause data corruption. The IBM bulletin lists affected versions and notes that remediation is provided in IBM API Connect V5.0.8.10...

9.1CVSS8.8AI score0.00762EPSS
CVE
CVE
added 2021/01/12 2:45 p.m.43 views

CVE-2020-4838

IBM API Connect 5.0.0.0–5.0.8.10 is vulnerable to stored cross-site scripting in the Developer Portal/Web UI, allowing arbitrary JavaScript in a trusted session and potentially exposing credentials. Affected versions: 5.0.0.0–5.0.8.10. Remediation: fix in 5.0.8.10 iFix released 2020-12-18. No exp...

6.4CVSS5.1AI score0.00605EPSS
CVE
CVE
added 2018/04/30 2:0 p.m.42 views

CVE-2018-1430

IBM API Connect is affected by a cross-site scripting vulnerability (CVE-2018-1430) in the Web UI for versions 5.0.0.0–5.0.8.2. The issue lets an attacker embed arbitrary JavaScript, potentially altering UI behavior and leading to credentials disclosure within a trusted session. The CVSS v3 base ...

5.4CVSS5.2AI score0.00968EPSS
CVE
CVE
added 2020/05/12 1:40 p.m.42 views

CVE-2020-4195

CVE-2020-4195 affects IBM API Connect: API Connect V2018.4.1.0–2018.4.1.10 vulnerable to clickjacking via a malicious website, enabling a remote actor to hijack the user’s click actions. The IBM security bulletin confirms remediation in V2018.4.1.11 (addressed) and provides the upgrade path (2018...

5.4CVSS5.4AI score0.00637EPSS
CVE
CVE
added 2025/12/26 1:16 p.m.26 views

CVE-2025-13915

IBM API Connect is affected by CVE-2025-13915, a remote authentication bypass in versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The issue allows an unauthenticated attacker to bypass authentication and gain unauthorized access to the application. IBM’s security bulletin recommends upgrading to version...

9.8CVSS6.6AI score0.08673EPSS
CVE
CVE
added 6 days ago13 views

CVE-2026-9074

IBM API Connect is affected by an unauthenticated SQL injection in the password reset flow for versions 10.0.8.0–10.0.8.9 and 12.1.0.0–12.1.0.3. The issue is a server-side SQL injection vulnerability that can be exploited without authentication, with network access required and no user interactio...

9.8CVSS6AI score0.00507EPSS
CVE
CVE
added 6 days ago8 views

CVE-2026-3144

CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The issue is the use of default credentials, which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. Exploitation details or a remediation/fix are not provided in ...

9.8CVSS5.9AI score0.00412EPSS
Total number of security vulnerabilities81