Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm api connect vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-2009
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
Ibm Api Connect
6.5
CVSSv3
CVE-2018-1389
IBM API Connect 5.0.0.0 up to and including 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.
Ibm Api Connect
6.5
CVSSv3
CVE-2017-1556
IBM API Connect 5.0.7.0 up to and including 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated malicious user to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546.
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.7.1
Ibm Api Connect 5.0.7.2
6.1
CVSSv3
CVE-2018-2015
IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly l...
Ibm Api Connect
6.1
CVSSv3
CVE-2017-1551
IBM API Connect 5.0.0.0 up to and including 5.0.7.2 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions ...
Ibm Api Connect 5.0.0.0
Ibm Api Connect 5.0.0.1
Ibm Api Connect 5.0.7.2
Ibm Api Connect 5.0.5.0
Ibm Api Connect 5.0.6.0
Ibm Api Connect 5.0.6.1
Ibm Api Connect 5.0.6.2
Ibm Api Connect 5.0.1.0
Ibm Api Connect 5.0.3.0
Ibm Api Connect 5.0.6.4
Ibm Api Connect 5.0.7.1
Ibm Api Connect 5.0.2.0
Ibm Api Connect 5.0.4.0
Ibm Api Connect 5.0.6.3
Ibm Api Connect 5.0.7.0
5.9
CVSSv3
CVE-2018-1546
IBM API Connect 5.0.0.0 up to and including 5.0.8.3 could allow a remote malicious user to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man...
Ibm Api Connect
5.9
CVSSv3
CVE-2017-1386
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
Ibm Api Connect 5.0.2.0
Ibm Api Connect 5.0.4.0
Ibm Api Connect 5.0.0.0
Ibm Api Connect 5.0.0.1
Ibm Api Connect 5.0.1.0
Ibm Api Connect 5.0.6.0
Ibm Api Connect 5.0.6.1
Ibm Api Connect 5.0.6.2
Ibm Api Connect 5.0.7.0
Ibm Api Connect 5.0.3.0
Ibm Api Connect 5.0.5.0
Ibm Api Management 4.0.0.1
Ibm Api Management 4.0.4.1
Ibm Api Management 4.0.4.0
Ibm Api Management 4.0.2.0
Ibm Api Management 4.0.0.0
Ibm Api Management 4.0.4.2
Ibm Api Management 4.0.4.3
Ibm Api Management 4.0.4.4
Ibm Api Management 4.0.4.5
Ibm Api Management 4.0.2.1
Ibm Api Management 4.0.3.0
5.5
CVSSv3
CVE-2023-47722
IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.
Ibm Api Connect 10.0.5.3
Ibm Api Connect 10.0.6.0
5.5
CVSSv3
CVE-2021-29906
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
Ibm App Connect Enterprise Certified Container 1.0.0
Ibm App Connect Enterprise Certified Container 1.1.0
Ibm App Connect Enterprise Certified Container 1.2.0
Ibm App Connect Enterprise Certified Container 1.3.0
Ibm App Connect Enterprise Certified Container 1.4.0
Ibm App Connect Enterprise Certified Container 1.5.0
5.5
CVSSv3
CVE-2019-4444
IBM API Connect 2018.1 up to and including 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force I...
Ibm Api Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »