IbmApi Connect

12 matches found

added 2017/09/25 4:29 p.m. | 42 views

CVE-2017-1551

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS 6.1 | AI score 6.1 | EPSS 0.00159

added 2019/03/11 10:29 p.m. | 42 views

CVE-2018-2009

IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.

CVSS 6.5 | AI score 6 | EPSS 0.00256

added 2021/03/15 4:15 p.m. | 42 views

CVE-2021-20440

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization...

CVSS 6.4 | AI score 4.3 | EPSS 0.0018

added 2023/12/09 3:15 a.m. | 41 views

CVE-2023-47722

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.

CVSS 6.2 | AI score 5.3 | EPSS 0.00017

added 2017/09/13 6:29 p.m. | 40 views

CVE-2017-1556

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.

CVSS 6.5 | AI score 6.2 | EPSS 0.00465

added 2018/04/30 2:29 p.m. | 36 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

CVSS 6.5 | AI score 6.3 | EPSS 0.00215

added 2019/01/04 3:29 p.m. | 36 views

CVE-2018-1859

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.

CVSS 6.5 | AI score 4.6 | EPSS 0.00201

added 2021/02/04 5:15 p.m. | 36 views

CVE-2020-4828

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.

CVSS 6.5 | AI score 6.3 | EPSS 0.00158

added 2019/05/02 4:29 p.m. | 34 views

CVE-2018-2015

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against ...

CVSS 6.4 | AI score 6.1 | EPSS 0.00201

added 2020/09/03 2:15 p.m. | 34 views

CVE-2020-4337

IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.

CVSS 6.5 | AI score 6.2 | EPSS 0.00192

added 2021/01/12 3:15 p.m. | 32 views

CVE-2020-4838

IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 19...

CVSS 6.4 | AI score 5.1 | EPSS 0.00092

added 2021/03/08 6:15 p.m. | 32 views

CVE-2020-4903

IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.

CVSS 6.5 | AI score 6.2 | EPSS 0.00136