Ibm

Api Connect

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2018-1548

  • EPSS 0.16%
  • Published 09.07.2018 13:29:00
  • Last modified 21.11.2024 03:59:59

IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657.

4.3

CVE-2018-1546

  • EPSS 0.22%
  • Published 06.07.2018 14:29:01
  • Last modified 21.11.2024 03:59:59

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive informati...

4.3

CVE-2018-1532

  • EPSS 0.12%
  • Published 31.05.2018 21:29:00
  • Last modified 21.11.2024 03:59:58

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.

4.3

CVE-2018-1468

  • EPSS 0.16%
  • Published 02.05.2018 13:29:00
  • Last modified 21.11.2024 03:59:53

IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.

5.4

CVE-2018-1430

  • EPSS 0.24%
  • Published 30.04.2018 14:29:00
  • Last modified 21.11.2024 03:59:48

IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

6.5

CVE-2018-1389

  • EPSS 0.22%
  • Published 30.04.2018 14:29:00
  • Last modified 21.11.2024 03:59:44

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

10

CVE-2018-1469

  • EPSS 0.47%
  • Published 04.04.2018 18:29:02
  • Last modified 21.11.2024 03:59:53

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.

5.4

CVE-2018-1382

  • EPSS 0.2%
  • Published 07.02.2018 17:29:01
  • Last modified 21.11.2024 03:59:43

IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se...

4.3

CVE-2017-1785

  • EPSS 0.12%
  • Published 07.02.2018 17:29:01
  • Last modified 21.11.2024 03:22:21

IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.

4.3

CVE-2017-1555

  • EPSS 0.22%
  • Published 25.09.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.