Vulmon
api connect vulnerabilities and exploits
6.5
CVSSv2
CVE-2020-4638
IBM API Connect's API Manager 2018.4.1.0 up to and including 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.
Ibm Api Connect
3.5
CVSSv2
CVE-2020-4251
IBM API Connect 5.0.0.0 up to and including 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...
Ibm Api Connect
5
CVSSv2
CVE-2020-4695
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.
Ibm Api Connect
5.5
CVSSv2
CVE-2020-4706
IBM API Connect 5.0.0.0 up to and including 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, whi...
Ibm Api Connect
3.5
CVSSv2
CVE-2020-4707
IBM API Connect 5.0.0.0 up to and including 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...
Ibm Api Connect
6.4
CVSSv2
CVE-2020-4899
IBM API Connect 5.0.0.0 up to and including 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.
Ibm Api Connect
5
CVSSv2
CVE-2018-2007
IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow a malicious user to decrypt highly sensitive information. IBM X-Force ID: 155078.
Ibm Api Connect
4
CVSSv2
CVE-2018-2009
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
Ibm Api Connect
5
CVSSv2
CVE-2018-2011
IBM API Connect 2018.1 up to and including 2018.4.1.5 could allow a malicious user to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.
Ibm Api Connect
5
CVSSv2
CVE-2018-2013
IBM API Connect 2018.1 up to and including 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.
Ibm Api Connect