RSS   Vulnerabilities for 'Api connect'   RSS

2021-01-12
 
CVE-2020-4838

CWE-79
 

 
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036.

 
2021-01-05
 
CVE-2020-4899

CWE-319
 

 
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

 
2020-09-03
 
CVE-2020-4638

CWE-269
 

 
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.

 
 
CVE-2020-4337

NVD-CWE-noinfo
 

 
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.

 
2020-06-29
 
CVE-2020-4452

CWE-200
 

 
IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

 
2020-06-12
 
CVE-2020-4251

CWE-79
 

 
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.

 
2020-05-12
 
CVE-2020-4346

CWE-200
 

 
IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322.

 
 
CVE-2020-4195

CWE-1021
 

 
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859.

 
2020-03-24
 
CVE-2019-4553

CWE-200
 

 
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.

 
2019-12-18
 
CVE-2019-4609

CWE-200
 

 
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510.

 


Copyright 2021, cxsecurity.com

 

Back to Top