Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm api connect vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-1389
IBM API Connect 5.0.0.0 up to and including 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.
Ibm Api Connect
6.5
CVSSv3
CVE-2017-1556
IBM API Connect 5.0.7.0 up to and including 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated malicious user to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.7.1
Ibm Api Connect 5.0.7.2
6.1
CVSSv3
CVE-2018-2015
IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly l...
Ibm Api Connect
6.1
CVSSv3
CVE-2017-1551
IBM API Connect 5.0.0.0 up to and including 5.0.7.2 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions ...
Ibm Api Connect 5.0.0.0
Ibm Api Connect 5.0.0.1
Ibm Api Connect 5.0.7.2
Ibm Api Connect 5.0.5.0
Ibm Api Connect 5.0.6.0
Ibm Api Connect 5.0.6.1
Ibm Api Connect 5.0.6.2
Ibm Api Connect 5.0.1.0
Ibm Api Connect 5.0.3.0
Ibm Api Connect 5.0.6.4
Ibm Api Connect 5.0.7.1
Ibm Api Connect 5.0.2.0
Ibm Api Connect 5.0.4.0
Ibm Api Connect 5.0.6.3
Ibm Api Connect 5.0.7.0
5.9
CVSSv3
CVE-2018-1546
IBM API Connect 5.0.0.0 up to and including 5.0.8.3 could allow a remote malicious user to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man...
Ibm Api Connect
5.9
CVSSv3
CVE-2017-1386
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
Ibm Api Connect 5.0.2.0
Ibm Api Connect 5.0.4.0
Ibm Api Connect 5.0.0.0
Ibm Api Connect 5.0.0.1
Ibm Api Connect 5.0.1.0
Ibm Api Connect 5.0.6.0
Ibm Api Connect 5.0.6.1
Ibm Api Connect 5.0.6.2
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.3.0
Ibm Api Connect 5.0.5.0
Ibm Api Management 4.0.0.1
Ibm Api Management 4.0.4.1
Ibm Api Management 4.0.4.0
Ibm Api Management 4.0.2.0
Ibm Api Management 4.0.0.0
Ibm Api Management 4.0.4.2
Ibm Api Management 4.0.4.3
Ibm Api Management 4.0.4.4
Ibm Api Management 4.0.4.5
Ibm Api Management 4.0.2.1
Ibm Api Management 4.0.3.0
5.5
CVSSv3
CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.
Ibm Api Connect 10.0.5.3
Ibm Api Connect 10.0.6.0
5.5
CVSSv3
CVE-2021-29906
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
Ibm App Connect Enterprise Certified Container 1.0.0
Ibm App Connect Enterprise Certified Container 1.1.0
Ibm App Connect Enterprise Certified Container 1.2.0
Ibm App Connect Enterprise Certified Container 1.3.0
Ibm App Connect Enterprise Certified Container 1.4.0
Ibm App Connect Enterprise Certified Container 1.5.0
5.5
CVSSv3
CVE-2019-4444
IBM API Connect 2018.1 up to and including 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force I...
Ibm Api Connect
5.4
CVSSv3
CVE-2021-38997
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 up to and including 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an malicious user to conduct various atta...
Ibm Api Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »