Filtered by vendor Ibm
Subscriptions
Filtered by product Api Connect
Subscriptions
Total
78 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1389 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213. | ||||
CVE-2018-2009 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148. | ||||
CVE-2017-1386 | 1 Ibm | 2 Api Connect, Api Management | 2024-09-17 | N/A |
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160. | ||||
CVE-2019-4008 | 1 Ibm | 1 Api Connect | 2024-09-17 | 9.8 Critical |
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | ||||
CVE-2018-1778 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801. | ||||
CVE-2019-4256 | 1 Ibm | 1 Api Connect | 2024-09-17 | 7.5 High |
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944. | ||||
CVE-2017-1785 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. | ||||
CVE-2019-4444 | 1 Ibm | 1 Api Connect | 2024-09-17 | 5.5 Medium |
IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453. | ||||
CVE-2018-1976 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031. | ||||
CVE-2021-29772 | 1 Ibm | 1 Api Connect | 2024-09-17 | 9.8 Critical |
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. | ||||
CVE-2019-4203 | 1 Ibm | 1 Api Connect | 2024-09-17 | 9.8 Critical |
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | ||||
CVE-2018-1779 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802. | ||||
CVE-2018-1859 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258. | ||||
CVE-2020-4346 | 1 Ibm | 1 Api Connect | 2024-09-17 | 5.3 Medium |
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | ||||
CVE-2019-4460 | 1 Ibm | 1 Api Connect | 2024-09-17 | 7.5 High |
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681. | ||||
CVE-2019-4553 | 1 Ibm | 1 Api Connect | 2024-09-17 | 7.5 High |
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. | ||||
CVE-2020-4251 | 1 Ibm | 1 Api Connect | 2024-09-17 | 5.4 Medium |
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489. | ||||
CVE-2019-4609 | 1 Ibm | 1 Api Connect | 2024-09-17 | 7.5 High |
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510. | ||||
CVE-2017-1556 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546. | ||||
CVE-2018-1874 | 1 Ibm | 1 Api Connect | 2024-09-17 | N/A |
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636. |