Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_connect
(Ibm)| Repositories | https://github.com/salesforce/tough-cookie |
| #Vulnerabilities | 79 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-25 | CVE-2018-2013 | IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. | Api_connect | 5.3 | ||
| 2019-06-25 | CVE-2019-4382 | IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | Api_connect | 5.3 | ||
| 2019-02-07 | CVE-2019-4008 | API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | Api_connect | 9.8 | ||
| 2019-08-20 | CVE-2019-4460 | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681. | Api_connect | 7.5 | ||
| 2019-08-20 | CVE-2019-4437 | IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947. | Api_connect | 5.3 | ||
| 2021-08-17 | CVE-2020-4706 | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194. | Api_connect | 5.4 | ||
| 2021-08-26 | CVE-2021-29715 | IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018. | Api_connect | 9.1 | ||
| 2019-08-20 | CVE-2019-4402 | IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. | Api_connect | 7.5 | ||
| 2021-08-26 | CVE-2021-29772 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. | Api_connect | 9.8 | ||
| 2021-08-04 | CVE-2020-4707 | IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370. | Api_connect | 5.4 |