RSS   Vulnerabilities for 'Api connect'   RSS

2023-12-09
 
CVE-2023-47722

CWE-522
 

 
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.

 
2021-08-26
 
CVE-2021-29715

CWE-668
 

 
IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018.

 
 
CVE-2021-29772

CWE-94
 

 
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

 
2021-08-17
 
CVE-2020-4706

CWE-20
 

 
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.

 
2021-08-04
 
CVE-2020-4707

CWE-79
 

 
IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370.

 
2021-03-15
 
CVE-2021-20440

NVD-CWE-noinfo
 

 
IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536.

 
2021-03-08
 
CVE-2020-4903

NVD-CWE-noinfo
 

 
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.

 
 
CVE-2020-4695

CWE-311
 

 
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.

 
2021-02-04
 
CVE-2020-4828

CWE-20
 

 
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.

 
 
CVE-2020-4827

CWE-352
 

 
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.

 


Copyright 2024, cxsecurity.com

 

Back to Top