CVE-2018-1382
- EPSS 0.55%
- Veröffentlicht 07.02.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 03:59:43
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se...
CVE-2017-1785
- EPSS 0.96%
- Veröffentlicht 07.02.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 03:22:21
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
CVE-2017-1555
- EPSS 0.91%
- Veröffentlicht 25.09.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
CVE-2017-1551
- EPSS 0.9%
- Veröffentlicht 25.09.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click a...
CVE-2017-1556
- EPSS 1.46%
- Veröffentlicht 13.09.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.
CVE-2017-1386
- EPSS 1.16%
- Veröffentlicht 31.07.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
CVE-2017-1328
- EPSS 1.74%
- Veröffentlicht 27.06.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass securit...
CVE-2017-1322
- EPSS 2.34%
- Veröffentlicht 27.06.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 12...
CVE-2017-1379
- EPSS 2.03%
- Veröffentlicht 15.06.2017 13:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.
CVE-2017-1161
- EPSS 1.5%
- Veröffentlicht 17.04.2017 21:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute ar...