Ibm

Api Connect

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-4452

  • EPSS 0.11%
  • Published 29.06.2020 14:15:12
  • Last modified 21.11.2024 05:32:45

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

5.4

CVE-2020-4251

  • EPSS 0.18%
  • Published 12.06.2020 13:15:10
  • Last modified 21.11.2024 05:32:27

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

5.3

CVE-2020-4346

  • EPSS 0.17%
  • Published 12.05.2020 14:15:12
  • Last modified 21.11.2024 05:32:37

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.

5.4

CVE-2020-4195

  • EPSS 0.09%
  • Published 12.05.2020 14:15:12
  • Last modified 21.11.2024 05:32:22

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's...

7.5

CVE-2019-4553

  • EPSS 0.15%
  • Published 24.03.2020 16:15:12
  • Last modified 21.11.2024 04:43:43

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.

7.5

CVE-2019-4609

  • EPSS 0.13%
  • Published 18.12.2019 17:16:43
  • Last modified 21.11.2024 04:43:51

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510.

5.5

CVE-2019-4444

  • EPSS 0.1%
  • Published 16.12.2019 16:15:11
  • Last modified 21.11.2024 04:43:36

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. ...

5.3

CVE-2019-4600

  • EPSS 0.15%
  • Published 29.10.2019 00:15:11
  • Last modified 21.11.2024 04:43:49

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.

5.3

CVE-2019-4437

  • EPSS 0.21%
  • Published 20.08.2019 20:15:13
  • Last modified 21.11.2024 04:43:36

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.

7.5

CVE-2019-4460

  • EPSS 0.38%
  • Published 20.08.2019 19:15:16
  • Last modified 21.11.2024 04:43:38

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the ...