Vulnerabilities > IBM > API Connect > 5.0.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-25 | CVE-2019-4382 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. | 5.3 |
| 2019-06-25 | CVE-2018-1858 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2019-05-29 | CVE-2019-4256 | Inadequate Encryption Strength vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-05-22 | CVE-2018-1991 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. | 4.0 |
| 2019-04-15 | CVE-2019-4203 | Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. | 9.8 |
| 2019-04-15 | CVE-2019-4202 | OS Command Injection vulnerability in IBM API Connect IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. | 10.0 |
| 2019-04-02 | CVE-2018-1874 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. | 2.1 |
| 2019-01-29 | CVE-2018-1976 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. | 4.0 |
| 2019-01-08 | CVE-2018-1932 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. | 4.0 |
| 2019-01-04 | CVE-2018-1859 | Unspecified vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. | 6.5 |