Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Api_connect
(Ibm)| Repositories | https://github.com/salesforce/tough-cookie |
| #Vulnerabilities | 79 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-15 | CVE-2019-4203 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | Api_connect | 9.8 | ||
| 2019-06-25 | CVE-2018-2011 | IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150. | Api_connect | 5.3 | ||
| 2019-06-25 | CVE-2018-2013 | IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. | Api_connect | 5.3 | ||
| 2019-06-25 | CVE-2019-4382 | IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | Api_connect | 5.3 | ||
| 2019-02-07 | CVE-2019-4008 | API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | Api_connect | 9.8 | ||
| 2019-08-20 | CVE-2019-4460 | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681. | Api_connect | 7.5 | ||
| 2019-08-20 | CVE-2019-4437 | IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947. | Api_connect | 5.3 | ||
| 2019-08-20 | CVE-2019-4402 | IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. | Api_connect | 7.5 | ||
| 2018-12-20 | CVE-2018-1784 | IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807. | Api_connect | 9.8 | ||
| 2018-11-20 | CVE-2018-1779 | IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802. | Api_connect | 7.5 |