IBM API Connect 5.0.0.0

38 matches found

added 2019/01/08 5:0 p.m., 142 views

CVE-2018-1932

IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.

CVSS 4.9 | AI score 4.7 | EPSS 0.06042

added 2019/06/25 4:15 p.m., 133 views

CVE-2019-4382

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.

CVSS 5.3 | AI score 4.9 | EPSS 0.00338

added 2019/06/25 4:15 p.m., 129 views

CVE-2018-1858

IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.

CVSS 8.8 | AI score 8.4 | EPSS 0.00175

added 2019/10/29 12:15 a.m., 64 views

CVE-2019-4600

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.

CVSS 5.3 | AI score 4.9 | EPSS 0.00152

added 2021/08/04 2:15 p.m., 64 views

CVE-2020-4707

IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370.

CVSS 5.4 | AI score 5.2 | EPSS 0.00215

added 2019/04/15 3:29 p.m., 63 views

CVE-2019-4203

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

CVSS 9.8 | AI score 8.9 | EPSS 0.00483

added 2019/04/15 3:29 p.m., 59 views

CVE-2019-4202

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.

CVSS 10 | AI score 9.4 | EPSS 0.02423

added 2019/05/29 3:29 p.m., 59 views

CVE-2019-4256

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.

CVSS 7.5 | AI score 7.2 | EPSS 0.00158

added 2018/12/20 2:29 p.m., 46 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.

CVSS 9.8 | AI score 9.1 | EPSS 0.00261

added 2019/05/22 3:29 p.m., 44 views

CVE-2018-1991

IBM API Connect 5.0.0.0, and 5.0.8.6 could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.

CVSS 4 | AI score 3.5 | EPSS 0.00141

added 2021/08/17 2:15 p.m., 44 views

CVE-2020-4706

IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to c...

CVSS 5.5 | AI score 5.3 | EPSS 0.0004

added 2017/07/31 9:29 p.m., 43 views

CVE-2017-1386

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.

CVSS 5.9 | AI score 5.5 | EPSS 0.00215

added 2017/09/25 4:29 p.m., 42 views

CVE-2017-1551

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS 6.1 | AI score 6.1 | EPSS 0.00159

added 2017/09/25 4:29 p.m., 42 views

CVE-2017-1555

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.

CVSS 4.3 | AI score 4.3 | EPSS 0.00215

added 2018/08/22 11:29 a.m., 42 views

CVE-2018-1599

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS 5.4 | AI score 5.4 | EPSS 0.00092

added 2018/11/09 1:29 a.m., 42 views

CVE-2018-1774

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.

CVSS 8.9 | AI score 7.6 | EPSS 0.00182

added 2018/12/20 2:29 p.m., 42 views

CVE-2018-1973

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.

CVSS 9 | AI score 6.6 | EPSS 0.00309

added 2017/06/27 4:29 p.m., 40 views

CVE-2017-1322

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.

CVSS 8.2 | AI score 7.9 | EPSS 0.00528

added 2017/06/27 4:29 p.m., 40 views

CVE-2017-1328

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126...

CVSS 5.3 | AI score 5.2 | EPSS 0.00275

added 2017/06/15 1:29 p.m., 40 views

CVE-2017-1379

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.

CVSS 7.5 | AI score 7.2 | EPSS 0.00312

added 2018/07/06 2:29 p.m., 40 views

CVE-2018-1546

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Forc...

CVSS 5.9 | AI score 5.4 | EPSS 0.00229

added 2018/08/16 7:29 p.m., 40 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

CVSS 9.9 | AI score 8.9 | EPSS 0.00108

added 2019/04/02 2:29 p.m., 40 views

CVE-2018-1874

IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.

CVSS 4.6 | AI score 4.2 | EPSS 0.00136

added 2021/08/26 8:15 p.m., 40 views

CVE-2021-29715

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018.

CVSS 9.1 | AI score 8.5 | EPSS 0.00506

added 2018/02/07 5:29 p.m., 37 views

CVE-2018-1382

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.

CVSS 5.4 | AI score 5.2 | EPSS 0.00198

added 2018/07/31 1:29 p.m., 37 views

CVE-2018-1638

IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.

CVSS 8.1 | AI score 7.9 | EPSS 0.00205

added 2019/01/29 4:29 p.m., 37 views

CVE-2018-1976

IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.

CVSS 4.9 | AI score 4.6 | EPSS 0.00261

added 2021/08/26 8:15 p.m., 37 views

CVE-2021-29772

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

CVSS 9.8 | AI score 8.9 | EPSS 0.0025

added 2018/04/30 2:29 p.m., 36 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

CVSS 6.5 | AI score 6.3 | EPSS 0.00226

added 2018/05/31 9:29 p.m., 36 views

CVE-2018-1532

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.

CVSS 4.3 | AI score 4.3 | EPSS 0.00119

added 2019/01/04 3:29 p.m., 36 views

CVE-2018-1859

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.

CVSS 6.5 | AI score 4.6 | EPSS 0.00201

added 2020/03/24 4:15 p.m., 34 views

CVE-2019-4553

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.

CVSS 7.5 | AI score 7.2 | EPSS 0.00146

added 2020/06/12 1:15 p.m., 33 views

CVE-2020-4251

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.

CVSS 5.4 | AI score 5.2 | EPSS 0.00179

added 2021/01/05 3:15 p.m., 33 views

CVE-2020-4899

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

CVSS 9.1 | AI score 8.8 | EPSS 0.00109

added 2018/04/04 6:29 p.m., 32 views

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.

CVSS 10 | AI score 9.1 | EPSS 0.00466

added 2019/08/20 7:15 p.m., 32 views

CVE-2019-4460

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.

CVSS 7.5 | AI score 7.2 | EPSS 0.00375

added 2021/01/12 3:15 p.m., 32 views

CVE-2020-4838

IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 19...

CVSS 6.4 | AI score 5.1 | EPSS 0.00092

added 2018/04/30 2:29 p.m., 29 views

CVE-2018-1430

IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226.

CVSS 5.4 | AI score 5.2 | EPSS 0.00237