Api Connect@5.0.8.0 Security Vulnerabilities and Issues — Api Connect@5.0.8.0 CVE List

Lucene search

IbmApi Connect5.0.8.0

11 matches found

CVE•added 2018/09/05 5:29 p.m.•68 views

CVE-2016-1000232

NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

5.3CVSS5.3AI score0.00957EPSS

CVE•added 2018/02/07 5:29 p.m.•47 views

CVE-2017-1785

IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2018/12/20 2:29 p.m.•43 views

CVE-2018-1778

IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to ...

9.3CVSS8AI score0.0037EPSS

CVE•added 2018/08/22 11:29 a.m.•42 views

CVE-2018-1599

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

5.4CVSS5.4AI score0.00092EPSS

CVE•added 2018/07/06 2:29 p.m.•40 views

CVE-2018-1546

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Forc...

5.9CVSS5.4AI score0.00229EPSS

CVE•added 2018/08/16 7:29 p.m.•40 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

9.9CVSS8.9AI score0.00108EPSS

CVE•added 2018/02/07 5:29 p.m.•37 views

CVE-2018-1382

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.

5.4CVSS5.2AI score0.00198EPSS

CVE•added 2018/04/30 2:29 p.m.•36 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

6.5CVSS6.3AI score0.00226EPSS

CVE•added 2018/05/31 9:29 p.m.•36 views

CVE-2018-1532

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2018/04/04 6:29 p.m.•32 views

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.

10CVSS9.1AI score0.00466EPSS

CVE•added 2018/04/30 2:29 p.m.•29 views

CVE-2018-1430

IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226.

5.4CVSS5.2AI score0.00237EPSS