Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:api_connect:5.0.4.0:*:*:*:*:*:*:*
There are 34 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-4838

IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036.

Published: January 12, 2021; 10:15:14 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4899

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

Published: January 05, 2021; 10:15:14 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-4251

IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.

Published: June 12, 2020; 9:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-4553

IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.

Published: March 24, 2020; 12:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-4600

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.

Published: October 28, 2019; 8:15:11 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2019-4460

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.

Published: August 20, 2019; 3:15:16 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-4382

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.

Published: June 25, 2019; 12:15:10 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2018-1858

IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.

Published: June 25, 2019; 12:15:10 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-4256

IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.

Published: May 29, 2019; 11:29:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-1991

IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.

Published: May 22, 2019; 11:29:02 AM -0400
V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2019-4203

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

Published: April 15, 2019; 11:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 9.0 HIGH
CVE-2019-4202

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.

Published: April 15, 2019; 11:29:00 AM -0400
V3.0: 10.0 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-1874

IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.

Published: April 02, 2019; 10:29:00 AM -0400
V3.0: 4.6 MEDIUM
V2.0: 2.1 LOW
CVE-2018-1976

IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.

Published: January 29, 2019; 11:29:00 AM -0500
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-1932

IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.

Published: January 08, 2019; 11:29:00 AM -0500
V3.0: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2018-1859

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.

Published: January 04, 2019; 10:29:00 AM -0500
V3.0: 4.7 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2018-1973

IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.

Published: December 20, 2018; 9:29:00 AM -0500
V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.

Published: December 20, 2018; 9:29:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-1774

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.

Published: November 08, 2018; 8:29:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-1599

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 143744.

Published: August 22, 2018; 7:29:00 AM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW