Lucene search

K
IbmApi Connect2018.4.1.0

13 matches found

CVE
CVE
added 2020/06/29 2:15 p.m.42 views

CVE-2020-4452

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

7.5CVSS7.2AI score0.00112EPSS
CVE
CVE
added 2021/03/15 4:15 p.m.42 views

CVE-2021-20440

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization...

6.4CVSS4.3AI score0.0018EPSS
CVE
CVE
added 2021/02/04 5:15 p.m.39 views

CVE-2020-4825

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

5.4CVSS5.2AI score0.00158EPSS
CVE
CVE
added 2021/02/04 5:15 p.m.39 views

CVE-2020-4826

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.

4.3CVSS4.7AI score0.0009EPSS
CVE
CVE
added 2021/02/04 5:15 p.m.37 views

CVE-2020-4640

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use...

4.1CVSS4AI score0.00076EPSS
CVE
CVE
added 2021/02/04 5:15 p.m.37 views

CVE-2020-4827

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.

4.3CVSS4.7AI score0.0009EPSS
CVE
CVE
added 2019/12/16 4:15 p.m.36 views

CVE-2019-4444

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.

5.5CVSS5.3AI score0.00101EPSS
CVE
CVE
added 2020/05/12 2:15 p.m.36 views

CVE-2020-4346

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.

5.3CVSS5AI score0.00174EPSS
CVE
CVE
added 2020/09/03 2:15 p.m.36 views

CVE-2020-4638

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.

7.2CVSS6.9AI score0.00522EPSS
CVE
CVE
added 2021/02/04 5:15 p.m.36 views

CVE-2020-4828

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.

6.5CVSS6.3AI score0.00158EPSS
CVE
CVE
added 2020/09/03 2:15 p.m.33 views

CVE-2020-4337

IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.

6.5CVSS6.2AI score0.00192EPSS
CVE
CVE
added 2020/05/12 2:15 p.m.32 views

CVE-2020-4195

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...

5.4CVSS5.4AI score0.00086EPSS
CVE
CVE
added 2021/03/08 6:15 p.m.32 views

CVE-2020-4903

IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.

6.5CVSS6.2AI score0.00136EPSS