Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api manager vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-22027
The vRealize Operations Manager API (8.x before 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack leading to information discl...
Vmware Cloud Foundation
Vmware Vrealize Operations Manager 7.5.0
Vmware Vrealize Operations Manager
Vmware Vrealize Suite Lifecycle Manager
356
VMScore
CVE-2019-4045
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241.
Ibm Business Process Manager
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.6.0
Ibm Business Process Manager 8.5.7.0
Ibm Business Process Manager 8.6.0.0
Ibm Business Automation Workflow
356
VMScore
CVE-2019-4603
IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. IBM X-Force ID: 168295.
Ibm Rational Quality Manager 6.0.2
Ibm Rational Quality Manager 6.0.6
Ibm Rational Quality Manager 6.0.6.1
356
VMScore
CVE-2014-6139
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.5.5.0
668
VMScore
CVE-2020-15394
The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.
Zohocorp Manageengine Applications Manager
Zohocorp Manageengine Applications Manager 14.0
1 Github repository
445
VMScore
CVE-2016-6364
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote malicious users to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
Cisco Unified Communications Manager 11.5.0
490
VMScore
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS...
Cloudera Cloudera Manager 5.12.1
Cloudera Cloudera Manager 5.13.0
Cloudera Navigator Key Trustee Kms 5.12.0
Cloudera Navigator Key Trustee Kms 5.13.0
Cloudera Cloudera Manager 5.13.1
Cloudera Cloudera Manager 5.12.0
Cloudera Cloudera Manager 5.12.2
570
VMScore
CVE-2012-1472
VMware vCenter Chargeback Manager (aka CBM) prior to 2.0.1 does not properly handle XML API requests, which allows remote malicious users to read arbitrary files or cause a denial of service via unspecified vectors.
Vmware Vcenter Chargeback Manager 1.6.2
Vmware Vcenter Chargeback Manager
356
VMScore
CVE-2016-0349
IBM Business Process Manager 8.5.6 up to and including 8.5.6.2 and 8.5.7 prior to 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
Ibm Business Process Manager 8.5.7.0
Ibm Business Process Manager 8.5.6.0
445
VMScore
CVE-2015-6364
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote malicious users to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960.
Cisco Videoscape Distribution Suite Service Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »