Filtered by vendor Ibm Subscriptions
Filtered by product Api Connect Subscriptions
Total 78 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1389 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.
CVE-2018-2009 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
CVE-2017-1386 1 Ibm 2 Api Connect, Api Management 2024-09-17 N/A
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
CVE-2019-4008 1 Ibm 1 Api Connect 2024-09-17 9.8 Critical
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
CVE-2018-1778 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801.
CVE-2019-4256 1 Ibm 1 Api Connect 2024-09-17 7.5 High
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.
CVE-2017-1785 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
CVE-2019-4444 1 Ibm 1 Api Connect 2024-09-17 5.5 Medium
IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.
CVE-2018-1976 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.
CVE-2021-29772 1 Ibm 1 Api Connect 2024-09-17 9.8 Critical
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.
CVE-2019-4203 1 Ibm 1 Api Connect 2024-09-17 9.8 Critical
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.
CVE-2018-1779 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-1859 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.
CVE-2020-4346 1 Ibm 1 Api Connect 2024-09-17 5.3 Medium
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.
CVE-2019-4460 1 Ibm 1 Api Connect 2024-09-17 7.5 High
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.
CVE-2019-4553 1 Ibm 1 Api Connect 2024-09-17 7.5 High
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.
CVE-2020-4251 1 Ibm 1 Api Connect 2024-09-17 5.4 Medium
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.
CVE-2019-4609 1 Ibm 1 Api Connect 2024-09-17 7.5 High
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510.
CVE-2017-1556 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.
CVE-2018-1874 1 Ibm 1 Api Connect 2024-09-17 N/A
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.