Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_connect
(Ibm)| Repositories | https://github.com/salesforce/tough-cookie |
| #Vulnerabilities | 79 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-12 | CVE-2020-4195 | IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. | Api_connect | N/A | ||
| 2020-03-24 | CVE-2019-4553 | IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. | Api_connect | N/A | ||
| 2019-12-18 | CVE-2019-4609 | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 168510. | Api_connect | N/A | ||
| 2019-12-16 | CVE-2019-4444 | IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453. | Api_connect | N/A | ||
| 2019-10-29 | CVE-2019-4600 | IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883. | Api_connect | N/A | ||
| 2019-03-11 | CVE-2018-2009 | IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148. | Api_connect | 6.5 | ||
| 2019-04-29 | CVE-2018-2007 | IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078. | Api_connect | 7.5 | ||
| 2019-05-22 | CVE-2018-1991 | IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284. | Api_connect | 2.7 | ||
| 2019-01-29 | CVE-2018-1976 | IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031. | Api_connect | 4.9 | ||
| 2018-12-20 | CVE-2018-1973 | IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914. | Api_connect | 7.2 |