Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_connect
(Ibm)| Repositories | https://github.com/salesforce/tough-cookie |
| #Vulnerabilities | 79 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-02-07 | CVE-2018-1382 | IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079. | Api_connect | 5.4 | ||
| 2018-02-07 | CVE-2017-1785 | IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. | Api_connect | 4.3 | ||
| 2017-09-13 | CVE-2017-1556 | IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546. | Api_connect | 6.5 | ||
| 2017-09-25 | CVE-2017-1555 | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | Api_connect | 4.3 | ||
| 2017-09-25 | CVE-2017-1551 | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. | Api_connect | 6.1 | ||
| 2017-06-15 | CVE-2017-1379 | IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. | Api_connect | 7.5 | ||
| 2017-06-27 | CVE-2017-1322 | IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918. | Api_connect | 8.2 | ||
| 2017-04-17 | CVE-2017-1161 | IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. | Api_connect | 7.3 | ||
| 2016-12-01 | CVE-2016-3012 | IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. | Api_connect, Network_path_manager | 7.5 | ||
| 2018-09-05 | CVE-2016-1000232 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | Api_connect, Openshift_container_platform, Tough\-Cookie | 5.3 |