Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_connect
(Ibm)Repositories | https://github.com/salesforce/tough-cookie |
#Vulnerabilities | 79 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-07-31 | CVE-2017-1386 | IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160. | Api_connect, Api_management | 5.9 | ||
2017-06-27 | CVE-2017-1328 | IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230. | Api_connect | 5.3 | ||
2019-05-02 | CVE-2018-2015 | IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195. | Api_connect | 6.1 | ||
2019-04-02 | CVE-2018-1874 | IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636. | Api_connect | 4.6 | ||
2019-04-08 | CVE-2019-4155 | IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544. | Api_connect | 9.8 | ||
2019-04-08 | CVE-2019-4051 | Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542. | Api_connect | 5.3 | ||
2018-05-02 | CVE-2018-1468 | IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. | Api_connect | 4.3 | ||
2018-04-30 | CVE-2018-1430 | IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226. | Api_connect | 5.4 | ||
2018-04-30 | CVE-2018-1389 | IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213. | Api_connect | 6.5 | ||
2018-02-07 | CVE-2018-1382 | IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079. | Api_connect | 5.4 |