Ibm

Api Connect

78 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-4452

  • EPSS 0.11%
  • Veröffentlicht 29.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:45

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

5.4

CVE-2020-4251

  • EPSS 0.18%
  • Veröffentlicht 12.06.2020 13:15:10
  • Zuletzt bearbeitet 21.11.2024 05:32:27

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

5.3

CVE-2020-4346

  • EPSS 0.17%
  • Veröffentlicht 12.05.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:37

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.

5.4

CVE-2020-4195

  • EPSS 0.09%
  • Veröffentlicht 12.05.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:22

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's...

7.5

CVE-2019-4553

  • EPSS 0.15%
  • Veröffentlicht 24.03.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:43:43

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.

7.5

CVE-2019-4609

  • EPSS 0.13%
  • Veröffentlicht 18.12.2019 17:16:43
  • Zuletzt bearbeitet 21.11.2024 04:43:51

IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510.

5.5

CVE-2019-4444

  • EPSS 0.1%
  • Veröffentlicht 16.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:36

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. ...

5.3

CVE-2019-4600

  • EPSS 0.15%
  • Veröffentlicht 29.10.2019 00:15:11
  • Zuletzt bearbeitet 21.11.2024 04:43:49

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.

5.3

CVE-2019-4437

  • EPSS 0.21%
  • Veröffentlicht 20.08.2019 20:15:13
  • Zuletzt bearbeitet 21.11.2024 04:43:36

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.

7.5

CVE-2019-4460

  • EPSS 0.38%
  • Veröffentlicht 20.08.2019 19:15:16
  • Zuletzt bearbeitet 21.11.2024 04:43:38

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the ...