Api Connect@5.0.8.1 Security Vulnerabilities and Issues — Api Connect@5.0.8.1 CVE List

Lucene search

IbmApi Connect5.0.8.1

10 matches found

CVE•added 2018/02/07 5:29 p.m.•47 views

CVE-2017-1785

IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2018/08/22 11:29 a.m.•42 views

CVE-2018-1599

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

5.4CVSS5.4AI score0.00092EPSS

CVE•added 2018/05/02 1:29 p.m.•41 views

CVE-2018-1468

IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.

4.3CVSS4.3AI score0.00156EPSS

CVE•added 2018/07/06 2:29 p.m.•40 views

CVE-2018-1546

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Forc...

5.9CVSS5.4AI score0.00229EPSS

CVE•added 2018/08/16 7:29 p.m.•40 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

9.9CVSS8.9AI score0.00108EPSS

CVE•added 2018/02/07 5:29 p.m.•37 views

CVE-2018-1382

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.

5.4CVSS5.2AI score0.00198EPSS

CVE•added 2018/04/30 2:29 p.m.•36 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

6.5CVSS6.3AI score0.00226EPSS

CVE•added 2018/05/31 9:29 p.m.•36 views

CVE-2018-1532

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2018/04/04 6:29 p.m.•32 views

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.

10CVSS9.1AI score0.00466EPSS

CVE•added 2018/04/30 2:29 p.m.•29 views

CVE-2018-1430

IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226.

5.4CVSS5.2AI score0.00237EPSS