Check CVE Id
Check CWE Id
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
IBM API Connect 184.108.40.206 through 220.127.116.11 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744.
IBM API Connect's Developer Portal 18.104.22.168 through 22.214.171.124 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
IBM API Connect 126.96.36.199-188.8.131.52 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but enforces it for all other login scenarios. IBM X-Force ID: 144483.
IBM API Connect 184.108.40.206 through 220.127.116.11 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.
IBM API Connect 18.104.22.168 and 22.214.171.124 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
IBM API Connect 126.96.36.199 through 188.8.131.52 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
IBM API Connect 184.108.40.206 through 220.127.116.11 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.
Back to Top