Api Connect Security Vulnerabilities and Issues — Api Connect CVE List

Lucene search

IbmApi Connect

12 matches found

CVE•added 2019/01/08 5:0 p.m.•142 views

CVE-2018-1932

IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.

4.9CVSS4.7AI score0.06042EPSS

CVE•added 2018/02/07 5:29 p.m.•47 views

CVE-2017-1785

IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.

4.3CVSS4.3AI score0.00119EPSS

CVE•added 2019/05/22 3:29 p.m.•44 views

CVE-2018-1991

IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.

4CVSS3.5AI score0.00141EPSS

CVE•added 2017/09/25 4:29 p.m.•42 views

CVE-2017-1555

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.

4.3CVSS4.3AI score0.00215EPSS

CVE•added 2018/05/02 1:29 p.m.•41 views

CVE-2018-1468

IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.

4.3CVSS4.3AI score0.00156EPSS

CVE•added 2019/04/02 2:29 p.m.•40 views

CVE-2018-1874

IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.

4.6CVSS4.2AI score0.00136EPSS

CVE•added 2018/07/09 1:29 p.m.•39 views

CVE-2018-1548

IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657.

4.3CVSS4.2AI score0.00163EPSS

CVE•added 2021/02/04 5:15 p.m.•39 views

CVE-2020-4826

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840.

4.3CVSS4.7AI score0.0009EPSS

CVE•added 2019/01/29 4:29 p.m.•37 views

CVE-2018-1976

IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.

4.9CVSS4.6AI score0.00261EPSS

CVE•added 2021/02/04 5:15 p.m.•37 views

CVE-2020-4640

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use...

4.1CVSS4AI score0.00076EPSS

CVE•added 2021/02/04 5:15 p.m.•37 views

CVE-2020-4827

4.3CVSS4.7AI score0.0009EPSS

CVE•added 2018/05/31 9:29 p.m.•36 views

CVE-2018-1532

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.

4.3CVSS4.3AI score0.00119EPSS