Api Connect Security Vulnerabilities and Issues — Api Connect CVE List

Lucene search

IbmApi Connect

6 matches found

CVE•added 2019/04/15 3:29 p.m.•63 views

CVE-2019-4203

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

9.8CVSS8.9AI score0.00483EPSS

CVE•added 2019/04/15 3:29 p.m.•59 views

CVE-2019-4202

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.

10CVSS9.4AI score0.02423EPSS

CVE•added 2019/04/08 3:29 p.m.•44 views

CVE-2019-4155

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.

9.8CVSS9.1AI score0.00781EPSS

CVE•added 2019/04/02 2:29 p.m.•40 views

CVE-2018-1874

IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.

4.6CVSS4.2AI score0.00136EPSS

CVE•added 2019/04/29 5:29 p.m.•40 views

CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.

7.5CVSS7.2AI score0.00096EPSS

CVE•added 2019/04/08 3:29 p.m.•34 views

CVE-2019-4051

Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.

5.3CVSS4.9AI score0.00202EPSS