Vulnerabilities > IBM > API Connect > 5.0.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2018-1469 | Unspecified vulnerability in IBM API Connect IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. | 9.8 |
| 2018-02-07 | CVE-2018-1382 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | 4.3 |
| 2017-09-25 | CVE-2017-1551 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2017-07-31 | CVE-2017-1386 | Weak Password Requirements vulnerability in IBM API Connect and API Management IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. | 5.9 |
| 2017-06-27 | CVE-2017-1328 | Unspecified vulnerability in IBM API Connect IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. | 5.3 |
| 2017-06-27 | CVE-2017-1322 | XXE vulnerability in IBM API Connect IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2017-06-15 | CVE-2017-1379 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. | 7.5 |
| 2017-04-17 | CVE-2017-1161 | Improper Input Validation vulnerability in IBM API Connect 5.0.6.0 IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. | 7.3 |