Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_connect
(Ibm)Repositories | https://github.com/salesforce/tough-cookie |
#Vulnerabilities | 79 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-08-26 | CVE-2021-29772 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. | Api_connect | 9.8 | ||
2021-08-04 | CVE-2020-4707 | IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370. | Api_connect | 5.4 | ||
2020-05-12 | CVE-2020-4346 | IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | Api_connect | 5.3 | ||
2020-06-29 | CVE-2020-4452 | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | Api_connect | 7.5 | ||
2020-09-03 | CVE-2020-4638 | IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508. | Api_connect | 7.2 | ||
2021-03-08 | CVE-2020-4695 | IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality. | Api_connect | 7.5 | ||
2021-03-15 | CVE-2021-20440 | IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536. | Api_connect | 4.3 | ||
2021-03-08 | CVE-2020-4903 | IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105. | Api_connect | 6.5 | ||
2021-02-04 | CVE-2020-4828 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842. | Api_connect | 6.5 | ||
2021-02-04 | CVE-2020-4827 | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | Api_connect | 4.3 |