CVE-2018-1599
- EPSS 0.85%
- Veröffentlicht 22.08.2018 11:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:04
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click a...
CVE-2018-1712
- EPSS 0.71%
- Veröffentlicht 16.08.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:14
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IB...
CVE-2018-1638
- EPSS 1.81%
- Veröffentlicht 31.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:07
IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
CVE-2018-1548
- EPSS 1.32%
- Veröffentlicht 09.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:59
IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657.
CVE-2018-1546
- EPSS 2.21%
- Veröffentlicht 06.07.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 03:59:59
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive informati...
CVE-2018-1532
- EPSS 0.98%
- Veröffentlicht 31.05.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:58
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.
CVE-2018-1468
- EPSS 0.96%
- Veröffentlicht 02.05.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:53
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.
CVE-2018-1430
- EPSS 0.97%
- Veröffentlicht 30.04.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:48
IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...
CVE-2018-1389
- EPSS 1.51%
- Veröffentlicht 30.04.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:44
IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.
- EPSS 2.79%
- Veröffentlicht 04.04.2018 18:29:02
- Zuletzt bearbeitet 21.11.2024 03:59:53
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.