Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm api connect vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-4827
IBM API Connect 10.0.0.0 up to and including 10.0.1.0 and 2018.4.1.0 up to and including 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM ...
Ibm Api Connect 10.0.0.0
Ibm Api Connect 10.0.1.0
Ibm Api Connect
4.1
CVSSv3
CVE-2020-4640
Certain IBM API Connect 10.0.0.0 up to and including 10.0.1.0 and 2018.4.1.0 up to and including 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, loggi...
Ibm Api Connect 10.0.0.0
Ibm Api Connect 10.0.1.0
Ibm Api Connect
6.5
CVSSv3
CVE-2020-4828
IBM API Connect 10.0.0.0 up to and including 10.0.1.0 and 2018.4.1.0 up to and including 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.
Ibm Api Connect 10.0.0.0
Ibm Api Connect 10.0.1.0
Ibm Api Connect
6.5
CVSSv3
CVE-2017-1556
IBM API Connect 5.0.7.0 up to and including 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated malicious user to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.7.1
Ibm Api Connect 5.0.7.2
4.3
CVSSv3
CVE-2021-20440
IBM API Connect 10.0.0.0, and 2018.4.1.0 up to and including 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member ...
Ibm Api Connect 10.0.0.0
Ibm Api Connect
4.3
CVSSv3
CVE-2018-1468
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.
Ibm Api Connect 5.0.8.2
Ibm Api Connect 5.0.8.1
5.5
CVSSv3
CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.
Ibm Api Connect 10.0.5.3
Ibm Api Connect 10.0.6.0
8.1
CVSSv3
CVE-2018-1778
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an malicious user to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and...
Ibm Api Connect
7.5
CVSSv3
CVE-2018-1779
IBM API Connect 2018.1 up to and including 2018.3.7 could allow an unauthenticated malicious user to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
Ibm Api Connect
4.3
CVSSv3
CVE-2018-1532
IBM API Connect 5.0.0.0 up to and including 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430.
Ibm Api Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »