IBM API Connect

11 matches found

CVE
added 2019/04/15 3:29 p.m., 63 views

CVE-2019-4203

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

CVSS 9.8, AI score 8.9, EPSS 0.00483

CVE
added 2018/12/20 2:29 p.m., 46 views

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.

CVSS 9.8, AI score 9.1, EPSS 0.00261

CVE
added 2019/04/08 3:29 p.m., 44 views

CVE-2019-4155

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.

CVSS 9.8, AI score 9.1, EPSS 0.00781

CVE
added 2018/12/20 2:29 p.m., 43 views

CVE-2018-1778

IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to ...

CVSS 9.3, AI score 8, EPSS 0.0037

CVE
added 2018/09/07 4:0 p.m., 43 views

CVE-2018-1789

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

CVSS 9.9, AI score 8.8, EPSS 0.00183

CVE
added 2018/12/20 2:29 p.m., 42 views

CVE-2018-1973

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.

CVSS 9, AI score 6.6, EPSS 0.00309

CVE
added 2018/08/16 7:29 p.m., 40 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters, can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

CVSS 9.9, AI score 8.9, EPSS 0.00108

CVE
added 2021/08/26 8:15 p.m., 40 views

CVE-2021-29715

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018.

CVSS 9.1, AI score 8.5, EPSS 0.00506

CVE
added 2019/02/07 4:0 p.m., 38 views

CVE-2019-4008

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

CVSS 9.8, AI score 8.8, EPSS 0.00486

CVE
added 2021/08/26 8:15 p.m., 37 views

CVE-2021-29772

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

CVSS 9.8, AI score 8.9, EPSS 0.0025

CVE
added 2021/01/05 3:15 p.m., 33 views

CVE-2020-4899

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

CVSS 9.1, AI score 8.8, EPSS 0.00109