6 matches found
CVE-2017-1386
CVE-2017-1386 affects IBM API Connect 5.0.0.0 (and related product versions) where a user could bypass password policy and create non‑compliant passwords that might be intercepted and decrypted via man‑in‑the‑middle techniques. The IBM Security Bulletin details affected ranges: API Connect 5.0.0....
CVE-2015-0149
IBM API Management 3.0 before 3.0.4.1 has an access-control weakness in its developer portal, failing to restrict access to public and private APIs, enabling remote authenticated users to view or modify data via unspecified API calls. Root cause: insufficient API access restrictions. Affected: IB...
CVE-2013-0559
CVE-2013-0559 is an XSS vulnerability in IBM Sterling B2B Integrator and IBM Sterling File Gateway. A remote attacker could execute scripts in a victim’s browser and potentially access sensitive data. Affected products: IBM Sterling B2B Integrator 5.0–5.2 and IBM Sterling File Gateway 2.0–2.2. Ba...
CVE-2014-6133
CVE-2014-6133 affects IBM API Management 3.x before 3.0.1.0. The vulnerability allows local users to obtain sensitive ciphertext information via unspecified vectors. The connected documents do not specify the root cause, exact vulnerable component, exploit details, or remediation steps in the pro...
CVE-2014-3036
The CVE-2014-3036 entry concerns IBM API Management 3.0.0.0. It describes an unspecified vulnerability where, when basic authentication is used for APIs, remote attackers could bypass topology-access restrictions and obtain sensitive information via unknown vectors. The available sources (NVD and...
CVE-2014-6172
IBM API Management 3.0 before 3.0.4.0 IF1 contains an information disclosure vulnerability that lets remote attackers obtain sensitive analytics data in encrypted form via unspecified vectors. The available sources (NVD/CNVD/related entries) confirm the affected product and version range but do n...