Note:
This project will be discontinued after December 13, 2021.
Product: Api_connect (Ibm)

Repositories | https://github.com/salesforce/tough-cookie |
#Vulnerabilities | 79 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-04-15 | CVE-2019-4203 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | Api_connect | 9.8 | ||
2019-06-25 | CVE-2018-2011 | IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150. | Api_connect | 5.3 | ||
2019-06-25 | CVE-2018-2013 | IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. | Api_connect | 5.3 | ||
2019-06-25 | CVE-2019-4382 | IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | Api_connect | 5.3 | ||
2019-02-07 | CVE-2019-4008 | API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | Api_connect | 9.8 | ||
2019-08-20 | CVE-2019-4460 | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681. | Api_connect | 7.5 | ||
2019-08-20 | CVE-2019-4437 | IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-Force ID: 162947. | Api_connect | 5.3 | ||
2021-08-17 | CVE-2020-4706 | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194. | Api_connect | 5.4 | ||
2021-08-26 | CVE-2021-29715 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018. | Api_connect | 9.1 | ||
2019-08-20 | CVE-2019-4402 | IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. | Api_connect | 7.5 | ||