Vulnerabilities (CVE)

Vendor filter

Ibm Subscribe

Product filter

Api Connect Subscribe

Filter

49 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-4460 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on...
CVE-2019-4437 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.
CVE-2019-4402 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263.
CVE-2019-4203 1 Ibm 1 Api Connect 2019-10-09 9.0
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.
CVE-2019-4202 1 Ibm 1 Api Connect 2019-10-09 10.0
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.
CVE-2019-4155 1 Ibm 1 Api Connect 2019-10-09 7.5
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.
CVE-2019-4052 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
CVE-2019-4008 1 Ibm 1 Api Connect 2019-10-09 5.0
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
CVE-2018-2009 1 Ibm 1 Api Connect 2019-10-09 4.0
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
CVE-2018-2007 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.
CVE-2018-1991 1 Ibm 1 Api Connect 2019-10-09 4.0
IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.
CVE-2018-1976 1 Ibm 1 Api Connect 2019-10-09 4.0
IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.
CVE-2018-1973 1 Ibm 1 Api Connect 2019-10-09 9.0
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.
CVE-2018-1932 1 Ibm 1 Api Connect 2019-10-09 4.0
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.
CVE-2018-1874 1 Ibm 1 Api Connect 2019-10-09 2.1
IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.
CVE-2018-1859 1 Ibm 1 Api Connect 2019-10-09 6.5
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.
CVE-2018-1789 1 Ibm 1 Api Connect 2019-10-09 6.5
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.
CVE-2018-1784 1 Ibm 1 Api Connect 2019-10-09 7.5
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
CVE-2018-1779 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-1778 1 Ibm 1 Api Connect 2019-10-09 9.3
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User...